BRKCRT-2601 - VRF, MPLS and MPBGP Fundamentals (2017 Las Vegas) - 90 Mins

VRF, MPLS and MPBGP Fundamentals BRKCRT-2601

Jason Jas on Goo Gooley, ley, CCIEx2 CCIEx2 (RS, SP) SP) #38759 #38759 Twitter: Tw itter: @Jason_Gooley LinkedIn: http://www http://www.linkedin.com/in/jgooley .linkedin.com/in/jgooley

VRF, MPLS and MPBGP Fundamentals BRKCRT-2601

Jason Jas on Goo Gooley, ley, CCIEx2 CCIEx2 (RS, SP) SP) #38759 #38759 Twitter: Tw itter: @Jason_Gooley LinkedIn: http://www http://www.linkedin.com/in/jgooley .linkedin.com/in/jgooley

Agenda 

Introduction to Virtualization



VRF-Lite



MPLS & BGP Free Core



Multiprotocol BGP (MP-BGP)



Conclusion



Q&A

Cisco Spark Questions?

Use Cisco Spark to chat with the speaker after the session

How 1.

Find this session in the Cisco Live Mobile App

2. Click “Join the Discussion” 3.

Install Spark or go directly to the space

4.

Enter messages/questions in the space

Cisco Spark spaces will be available until July 3, 2017.

cs.co/ciscolivebot#BRKCRT-2601 E.g: session ID = BRKCRT-2601

3 networks walk into a …

What is a VRF?

Enterprise Network Virtualization Key Building Blocks

Device Partitioning

Virtualized Interconnect Si

VRF VRF Global

“Virtualizing” the Routing and Forwarding o f the Device

Extending and Maintaining the “Virtualized” Devices/Pools over Any Media

Device Partioning Layer 2 vs. Layer 3 Virtualization

VRF

VRF VRF Global

VLAN—Virtual LAN

VRF—Virtual Routing and Forwarding



Virtualize at Layer 2 forwarding





Associates to one or more L2 interfaces on switch







Has its own MAC forwarding table and spanning-tree instance per VLAN



Interconnect options? VLANs are extended via a physical cable or virtual 802.1q trunk

Virtualize at Layer 3 forwarding Associates to one or more Layer 3 interfaces on router/switch Each VRF has its own Forwarding table (CEF) Routing process (RIP, EIGRP, OSPF, BGP)



Interconnect options (VRF-Lite)? 802.1q, GRE, sub-interfaces, physical cables, signaling

Path Isolation Functional Components Per VRF: 



Device virtualization 

Control plane virtualization



Data plane virtualization



Services virtualization

Data path virtualization 

Hop-by-Hop - VRF-Lite End-to-End



Multi-Hop - VRF-Lite GRE



MPLS-VPN



MPLS VPN over IP



MPLS VPN over DMVPN



MPLS VPN o GRE/mGRE

Virtual Routing Table Virtual Forwarding Table

VRF VRF Global

802.1q

IP/MPLS

VRF-Lite

What is VRF-Lite?

Per VRF:

Functional Components

Virtual Routing Table Virtual Forwarding Table

WAN/Campus VRF VRF VRF

VRF VRF VRF

802.1q, GRE, DLCI 



 A VRF supports it’s own Routing Inform ation Base (RIB) and Forwarding Inf ormati on Base (FIB)

Leverages “Virtual” encapsulation for separation: 



Routing protocols are “VRF aware” 



Ethernet/802.1Q, GRE, Frame Relay RIP/v2, EIGRP, OSPF, BGP, static (per VRF)

Layer 3 interfaces can only belong to a single VRF

VRF-Lite

Things to Remember  VLAN 10 VLAN 20









End-to-End segmentation is done on a per VRF and per hop basis

MP-BGP or control plane signaling is not required

Labels are not required (i.e. MPLS) Scaling should be limited to a small number of VRFs

VLAN 11 VLAN 21

VLAN 12 VLAN 22

IGPs VLAN 13 VLAN 23

VLAN 15 VLAN 25

VLAN 14 VLAN 24 VLAN 16 VLAN 26

VRF-Lite

Per VRF: Virtual Routing Table Virtual Forwarding Table Locally Significant

Sub-interface Example R1

Lo 1

R2 .1

Lo 1

.2 VLAN 12

1.1.1.1

VRF-R

Lo 2

.1    4    1    N    A    L    V

   4    1    1    N    A    L    V

   4    1    2    N    A    L    V

Lo 2

VRF-E

VLAN 212

VRF-O

Lo 3

VRF-R

VLAN 112

VRF-E

2.2.2.2

VRF-O

.2

F0/0.X VLAN X 10.1.X.0/24 Sub-interface/VLAN/VRF Mapping

   3    2    N    A    L    V

   3    2    1    N    A    L    V

Lo 3

IGPs: VRF-R = RIP VRF-E = EIGRP VRF-O = OSPF

   3    2    2    N    A    L    V

.4

.3

Lo 1

Lo 1 VLAN 34

4.4.4.4

VRF-R

Lo 2

VRF-O

Lo 3

R4

VRF-R

VLAN 134

VRF-E

VLAN 234

.4

Lo 2

VRF-E

.3

VRF-O

R3

Lo 3

3.3.3.3

VRF-Lite Sub-interface Configuration Command Line Interface (CLI) Review ip vrf VRF-R rd 1:1 interf ace FastEthernet0/0.12 ip vrf forwarding VRF-R interface Loopback1 ip vrf forwarding VRF-R ip vrf VRF-E rd 2:2 interf ace FastEthernet0/0.112 ip vrf forwarding VRF-E interface Loopback2 ip vrf forwarding VRF-E ip vrf VRF-O rd 3:3 interf ace FastEthernet0/0.212 ip vrf forwarding VRF-O interface Loopback3 ip vrf forwarding VRF-O

VRF VRF VRF

VRF-Lite Sub-interface Configuration Command Line Interface (CLI) Review – VRF Definition Example vrf definition VRF-R r d 1: 1 address-family ipv 4 interf ace FastEthernet0/0.12 vrf forwarding VRF-R interface Loopback1 vrf forwarding VRF-R

vrf definition VRF-O r d 3: 3 address-family ipv 4

interf ace FastEthernet0/0.212 vrf forwarding VRF-O interface Loopback3 vrf forwarding VRF-O

VRF VRF VRF

Multiprotocol VRF Conversion Configuration Command Line Interface (CLI) Review vrf upgr ade-cli mult i-af-mode {common-policies | non-common-policies } [ vr f   vrf-name] PE1(config)#vrf upgrade-cli multi-af-mode common-policies You are about to upgrade to the multi-AF VRF syntax commands. You will lose any IPv6 addresses configured on interfaces belonging to upgraded VRFs.  Are yo u s ur e ? [ yes ]: Number of VRFs upgraded: 1 interf ace Ethernet0/1 vrf fo rwarding VRF ip addres s 10.1.78.7 255.255.255.0 PE1(config)#do sh run | se vrf  vrf definition VRF r d 7: 1 route-target export 7:1 route-target import 5:1

VRF VRF VRF

VRF Aware RIP Configuration Command Line Interface (CLI) Review

Leverage what you already know!

router rip version 2 networ k 1.0.0.0 network 10.0.0.0 no auto-summary

router rip ! address-family ipv4 v rf VRF-R networ k 1.0.0.0 network 10.0.0.0 no auto-summary version 2 exit-address-family

VRF

RIP leverages address-family ipv4 vrf ______

VRF Aware EIGRP Configuration Command Line Interface (CLI) Review

Leverage what you already know!

router eigrp 10 netw ork 1.1.1.1 0.0.0.0 netw ork 10.1.112.0 0.0.0.255 no auto-summary router eigrp 10 (AS can be the same or diff erent as one of th e VRFs!!!) auto-summary ! address-family ipv4 v rf VRF-E netw ork 1.1.1.1 0.0.0.0 netw ork 10.1.112.0 0.0.0.255 no auto-summary autonomous-system 10 exit-address-family

VRF

EIGRP leverages address-family ipv4 vrf ______ Set unique autonomous system number per VRF

VRF Aware OSPF Configuration Command Line Interface (CLI) Review

Leverage what you already know!

router ospf 1 log-adjacency-changes netw ork 1.1.1.1 0.0.0.0 area 1 netw ork 10.1.212.0 0.0.0.255 area 0 router ospf 2 vrf VRF-O log-adjacency-changes netw ork 1.1.1.1 0.0.0.0 area 1 netw ork 10.1.212.0 0.0.0.255 area 0

VRF

OSPF leverages vrf ______ after the unique process number 

Live Exploration

No Sub-interface Support? No Problem! GRE Example R1

Lo11

R2 .1

VRF-R

Lo12

Lo13

.1    4    1    l   e   n   n   u    T

   4    1    1    l   e   n   n   u    T

VRF-R VRF-E

 VRF-O

Tunnel 212

VRF-O

GRE tunnel interface is “VRF aware” .2

Tunn el X 10.1.X.0/24

   4    1    2    l   e   n   n   u    T

Each VRF uses a unique GRE tunnel



Tunnel 112

VRF-E

Lo 1

.2 Tunnel 12

1.1.1.1

VRF-Lite can also leverage GRE tunnels as a segmentation technology



   3    2    l   e   n   n   u    T

Tunnel/VRF Mapping

   3    2    1    l   e   n   n   u    T

Lo13

   3    2    2    l   e   n   n   u    T

.4

.3

Lo11

Lo11 Tunnel 34

4.4.4.4

VRF-R

Lo12

VRF-O

Lo13

R4

VRF-R

Tunnel 134

VRF-E

VRF-E

Tunnel 234

.4

.3

Lo12

3.3.3.3

VRF-O

R3

Lo13

Configuration Note: Each GRE Tunnel Could Require Unique Source/Destination IP (Platform Dependent)

VRF-Lite Tunnel Configuration Command Line Interface (CLI) Review ip vrf VRF-S rd 11:11 interface Loopback101 ip address 11.11.11.11 255.255.255.255 (Global Routing Table)

Leverage what you already know! ip route vrf VRF-S 2.2.2.2 255.255.255.255 10.1.12.2

interface Tunnel12 ip vrf forwarding VRF-S ip addres s 10.1.12.1 255.255.255.0 tunnel sourc e Loopback101 tunn el dest ination 22.22.22.22 ip vrf VRF-S rd 22:22

VRF interface Loopback102 ip address 22.22.22.22 255.255.255.255 (Global Routing Table) interface Tunnel12 ip vrf forwarding VRF-S ip addres s 10.1.12.2 255.255.255.0 tunnel sourc e Loopback102 tunn el dest ination 11.11.11.11

ip route vrf VRF-S 1.1.1.1 255.255.255.255 10.1.12.1

Layer 2 Serial Link? No Problem? Back-to-Back Frame Relay Example R1

Lo111

VRF-Lite can also leverage Frame Relay Sub-interfaces as a segmentation Lo 1 technology



R2 .1

.2 Serial1/0.12

1.1.1.1

VRF-R

Lo112

Lo113

.1    4    1  .    1    /    1    l   a    i   r   e    S

   4    1    1  .    1    /    1    l   a    i   r   e    S



VRF-E

Serial1/0.212

VRF-O

VRF-O

sub-interface and DLCI .2

Serial1/0.X Serial1/1.X 10.1.X.0/24

   4    1    2  .    1    /    1    l   a    i   r   e    S

Each VRF uses a unique Frame-Relay

VRF-R

Serial1/0.112

VRF-E

   3    2  .    1    /    1    l   a    i   r   e    S

FR VC/VRF Mappin g

    3    2    1  .    1    /    1    l   a    i   r   e    S

Lo 3

Frame Relay sub-interface is “VRF aware”

   3    2    2  .    1    /    1    l   a    i   r   e    S

.4

.3

Lo111

Lo111 Serial1/0.34

4.4.4.4

VRF-R

Lo112

VRF-O

Lo113

R4

VRF-R

Serial1/0.134

VRF-E

Serial1/0.234

.4

Lo112

VRF-E

.3

VRF-O

R3

Lo113

Configuration Note: Leveraging Back-to-Back Frame-Relay Configuration

3.3.3.3

VRF-Lite Back-to-Back Frame Relay Configuration Command Line Interface (CLI) Review ip vrf VRF-B rd 111:111 interf ace Serial1/0 encapsulation frame-relay no keepalive Interface Serial1/0.12 point-to-po int ip vrf forwarding VRF-B ip addr ess 10.1.12.1 255.255.255.0 frame-relay interface-dlci 201

Leverage what you already know! router bgp 1 address-family ipv4 v rf VRF-B neighbor 10.1.12.2 remote-as 2 neighbor 10.1.12.2 activate no synchronization netw ork 1.1.1.1 mask 255.255.255.255 exit-address-family

ip vrf VRF-B rd 222:222 interf ace Serial1/0 encapsulation frame-relay no keepalive Interface Serial1/0.12 point-to-po int ip vrf forwarding VRF-B ip addr ess 10.1.12.2 255.255.255.0 frame-relay interface-dlci 201

VRF router bgp 2 address-family ipv4 vrf VRF-B neighbor 10.1.12.1 remote-as 1 neighbor 10.1.12.1 activate no synchronization netw ork 2.2.2.2 mask 255.255.255.255 exit-address-family

Live Exploration

VRF-Lite Summary 

Create a VRF in router for RIB/FIB and interface segmentation



No MPLS, LDP, or MP-BGP required



Optimal solution when VRF count is small (~ <8)



Supports multicast and QoS solutions



Leverage current routing protocol knowledge and apply it to PE-CE VRF Routing

MPLS & BGP Free Core

What Is MPLS? Most Painful L earn Study

What Is MPLS? Multi

Multi-Protocol: The ability to carry any payload Have: IPv4, IPv6, Ethernet, ATM, FR

Protocol L abel

Uses Labels to tell a node what to do with a packet; separates forwarding (hop by hop behavior) from routing (control plane)

Switching

Routing based on IPv4/IPv6 lookup. Everything else is label switching.

MPLS Component Overview 











CE routers owned by customer  PE routers owned by SP P routers owned by SP

Site 1

Customer “peers” to “PE” via IP

Site 2

Exchanges routing with SP via routing protocol (or static route)* SP advertises CE routes to other CEs

Customer 

Customer  CE

SP Demarcation

CE

Provider PE

PE P

CE IP Routing Peer (BGP, Static, IGP)

* Labels are not exchanged with the SP

Site 3

IP Routing IGP vs. BGP •

Exchange of IP routes for Loopback Reachability •

•

OSPF, IS-IS, EIGRP, etc.

iBGP neighbor peering over IGP transport

Forwarding Table In  Addr ess Label Prefix

Out Out I’face Label

Forwarding Table In  Addr ess Label Prefix

Out Out I’face Label

10.2.1.1

F0/0

10.2.1.1

NA

…

…

…

…

…

…

…

…

Forwarding Table In  Add ress Label Prefix

Out Out I’face Label

10.2.1.1

F0/0

…

…

F0/0

•

Route towards BGP Next-Hop

F0/0 F0/0

PE1

P

You Can Reach 2.2.2.2 Throug h Me

Routing Updates (OSPF)

10.2.1.1

PE2 BGP Update: You Can Reach 10.2.1.1 Thru Me By rout ing tow ards 2.2.2.2

You Can Reach 2.2.2.2 Thru Me

MPLS Label Switched Path (LSP) Setup with LDP Assignment of Remote Labels •

•

Local label mappings are sent to connected nodes Receiving nodes update forwarding table •

•

Forwarding Table In  Add res s Out Out Label Prefix I’faceLabel

Forwarding Table

Forwarding Table

In  Add res s Out Out In  Ad dr ess Out Out Label Prefix I’faceLabel Label Prefix I’faceLabel 2.2.2.2 F0/0 30 20 30 10.2.1.1 F0/0 -

-

2.2.2.2

F0/0

20

-

…

…

…

…

…

…

…

…

…

…

…

…

…

…

…

…

…

Out label

LDP label advertisement happens in parallel (downstream unsolicited)

F0/0

F0/0

PE1

Use Label 20 fo r 2.2.2.2

Label Distribution Protocol (LDP)

PE2

…

…

F0/0 10.2.1.1 VRF

P

Use Label 30 for 2.2.2.2

BGP Update: You Can Reach 10.2.1.1 Thru Me

MPLS Traffic Forwarding with LDP Hop-by-hop Traffic Forwarding Using Labels •

Ingress PE node adds label to packet (push) •

•

Downstream P node uses label for forwarding decision (swap) • •

•

Via MPLS forwarding table

Forwarding Table

Forwarding Table

In  Add res s Out Out In  Add res s Out Out Label Prefix I’faceLabel Label Prefix I’faceLabel

-

2.2.2.2

F0/0

20

20

2.2.2.2

F0/0

30

-

…

…

…

-

…

…

…

…

…

…

…

…

…

…

…

Outgoing interface Out label

Egress PE removes label and forwards original packet (pop)

Forwarding Table

In  Ad dr ess Out Out Label Prefix I’faceLabel

30

10.2.1.1

F0/0

-

…

…

…

…

F0/0

PE2

F0/0 VRF

10.2.1.1

F0/0

PE1 10.2.1.1

Data

P 20

2.2.2.2

Data

30

2.2.2.2

Forwarding based on L abel towards BGP Next-Hop (Loopback of far end ro uter)

Data

10.2.1.1

Dat a

BGP Update: You Can Reach 10.2.1.1 Thru Me By rout ing tow ards 2.2.2.2

BGP Free Core Component Overview 10.1.1.0/24

Site 2

VPNv4 iBGP Relationship

Site 1

CE2

CE1 P1

P2

PE1

PE2 P3

Redistribute IGP/Static Into BGP

P4

OSPF Area 0

1.

Always route towards BGP Next-Hop

2.

Routes will be valid on PE Routers

3.

Will label switch towards BGP Next-Hop of PE with MPLS enabled

End-to-End BGP and redistribution of routes into OSPF core not necessary!

Redistribute IGP/Static Into BGP

10.2.1.0/24

Multiprotocol BGP (MP-BGP)

Multiprotocol BGP (MP-BGP) Bringing It All Together  10.1.1.0/24

Site 1 10.1.1.0/24

10.2.1.0/24

VPNv4 iBGP Relationship

Next-Hop=CE1

Next-Hop=CE2 CE2

CE1 10.2.1.0/24 Next-Hop=PE1

VRF P1

P2

PE1

VRF

10.1.1.0/24 Next-Hop=PE2

PE2 P3

Redistribute IGP/Static Into BGP

P4

OSPF Area 0 Redistribute IGP/Static Into BGP

1.

PE receives an IPv4 update on a VRF interface (eBGP/OSPF/RIP/EIGRP)

2.

PE translates it into VPNv4 address (96-bit address) (64-bit RD + 32 bit IPv4 address)  –  –  –

3.

Site 2

Assigns an RT per VRF configuration Rewrites next-hop attribute to itself  Assigns a label based on VRF and/or interface

PE sends MP-iBGP update to other PE routers

10.2.1.0/24

Why an RD and VPNv4 Address? Use Case Cust A Site 1 10.1.1.0/24

VPNv4 iBGP Relationship 111:1:10.1.1.0/24

10.1.1.0/24 111:1:10.2.1.0/24

CE2

CE1

VRF A VRF B

Cust B Site 1 10.1.1.0/24

Cust A Site 2

10.2.1.0/24

P1

VRF A

P2

PE1

PE2 P3

CE1

Cust B Site 2

VRF B

P4

OSPF Area 0 222:1:10.1.1.0/24

10.1.1.0/24

10.2.1.0/24

CE2

10.2.1.0/24

10.2.1.0/24

222:1:10.2.1.0/24

1.

PE routers service multiple customers

2.

Once PE redistributes customer routes into MP-BGP, they must be unique

3.

RD is prepended to each prefix to make routes unique

VPNv4 prefixes are the combination of a 64-bit RD and a 32-bit IPv4 prefix. VPNv4 prefixes are 96-bits in length

Why are Route Targets Important? Use Case VRF A

Cust A Site 1 10.1.1.0/24

CE1

VRF A VRF C

Cust A Site 3 10.1.3.0/24

CE1

VPNv4 iBGP Relationship

Import 222:1

VRF B

Import 333:1

Import 111:1

Import 444:1

Export 222:1

Export 111:1 P1

PE2

Import 111:1

P3

P4

OSPF Area 0

Export 333:1

CE1

10.1.2.0/24

VRF B

P2

PE1 VRF C

Cust A Site 2

VRF D

Cust A Site 4

VRF D CE1

Import 111:1 Export 444:1

1.

Route Targets dictate which VRF will receive what routes

2.

Can be used to allow specific sites access to centralized services

3.

Cust A Site 2, Site 3 and Site 4 will not be able to exchange routes with each other 

Route Targets are a 64-bit value and are carried in BGP as an extended community

10.1.4.0/24

MPLS VPN and MP-BGP Command Line Interface (CLI) Review Customer 1

CE

VRF VRF-1

P

VRF VRF-1

PE

PE

EIGRP, OSPF, RIPv2, BGP, Static

Customer 2

P

CE

VPN Backbone IGP P P

CE VRF VRF-2

CE VRF VRF-2

VRF Configuration (PE) ! PE Router – Multip le VRFs ip v rf VRF-1 rd 65100:10 route-target im port 65102:10 route-target export 65102:10 ip v rf VRF-2

MP-iBGP Confi gurati on (PE) ! PE router 

MP-iBGP – VPNv4 Label Exchange

router b gp 65102 no bgp default ipv4-unicast neighbor 2.2.2.2 remote-as 65102

rd 65100:20

!

route-target im port 65102:20

address-family vpnv 4

route-target export 65102:20

neighbor 2.2.2.2 activate

!

neighbor 2.2.2.2 send-communi ty extended

Interface FastEthernet0/1.10

exit-address-family

ip vrf forwarding VRF-1 Int erface FastEthernet0/1.20 ip vrf forwarding VRF-2

! address-family ipv4 vrf VRF-1 redistribute rip

Live Exploration

MPLS VPN Technology Summary MPLS VPN Connection Model Global Address Space CE

VPN 2

VRF Green

P

P

PE

EIGRP, OSPF, RIPv2, BGP, Stat ic

PE

VPN Backbon e IGP P

VPN 1

P

VRF Blue

CE

MP-iBGP – VPNv4 Label Exchange

CE Routers 





VRF Associates to one or more interfaces on PE Has its own routing table and forwarding table (CEF) VRF has its own instance for the routing protocol (static, RIP, BGP, EIGRP, OSPF)

PE Routers •

MPLS Edge routers

•

MPLS forwarding to P routers

•

IGP/BGP – IP to CE routers

•

Distributes VPN information through MPBGP to other PE routers with VPNv4 addresses, extended community, VPN labels

P Routers •

P routers are in the core of the MPLS cloud

•

P routers do not need to run BGP

•

Do not have knowledge of VPNs

•

Switch packets based on labels (swap/pop) not IP

Closing Thoughts •

Break MPLS into smaller, more manageable chunks to accelerate learning

•

Leverage current routing protocol knowledge learning PE-CE VRF routing

•

MP-BGP and traditional IPv4 BGP configuration is very similar 

•

If routes are not present on CE routers check route-target import/export, communities and redistribution between IPv4 VRF address-families under IGP and BGP

•

If routes are present but you are having problems with reachability, check MPLS configuration

•

Remember on PE devices you are living in a VRF world (Ping, Traceroute etc.)

•

HAVE FUN !!!!! Remember, it’s a journey not a destination!

Order a copy of Programming and Automating Cisco Networks here: http://www.amazon.com/Programming-Automating-Cisco-Networksprogrammability/dp/1587144654/ref=sr_1_1?ie=UTF8&qid=1450796338&s r=8-1&keywords=Jason+Gooley

Complete Your Online Session Evaluation •

Give us your feedback to be entered into a Daily Survey Drawing. A daily winner will receive a $750 gift card.

•

Complete your session surveys through the Cisco Live mobile app or on www.CiscoLive.com/us. Don’t forget: Cisco Live sessions will be

available for viewing on demand after the event at www.CiscoLive.com/Online.

Continue Your Education •

Demos in the Cisco campus

•

Walk-in Self-Paced Labs

•

Lunch & Learn

•

Meet the Engineer 1:1 meetings

•

Related sessions

What Is MPLS?

Master 

Share

Practice

Learn

Thank you

Live Exploration Diagrams

VRF-Lite

Per VRF: Virtual Routing Table Virtual Forwarding Table Locally Significant

Sub-interface Example R1

Lo 1

R2 .1

Lo 1

.2 VLAN 12

1.1.1.1

VRF-R

Lo 2

.1    4    1    N    A    L    V

   4    1    1    N    A    L    V

   4    1    2    N    A    L    V

Lo 2

VRF-E

VLAN 212

VRF-O

Lo 3

VRF-R

VLAN 112

VRF-E

2.2.2.2

VRF-O

.2

E0/0.X VLAN X 10.1.X.0/24 Sub-interface/VLAN/VRF Mapping

   3    2    N    A    L    V

   3    2    1    N    A    L    V

Lo 3

IGPs: VRF-R = RIP VRF-E = EIGRP VRF-O = OSPF

   3    2    2    N    A    L    V

.4

.3

Lo 1

Lo 1 VLAN 34

4.4.4.4

VRF-R

Lo 2

VRF-O

Lo 3

R4

VRF-R

VLAN 134

VRF-E

VLAN 234

.4

Lo 2

VRF-E

.3

VRF-O

R3

Lo 3

3.3.3.3

No Sub-interface Support/No Problem GRE Example R1

Lo11

R2 .1

VRF-R

Lo12

Lo13

.1    4    1    l   e   n   n   u    T

   4    1    1    l   e   n   n   u    T

VRF-R VRF-E

 VRF-O

Tunnel 212

VRF-O

GRE tunnel interface is “VRF aware” .2

Tunn el X 10.1.X.0/24

   4    1    2    l   e   n   n   u    T

Each VRF uses a unique GRE tunnel



Tunnel 112

VRF-E

Lo 1

.2 Tunnel 12

1.1.1.1

VRF Lite can also leverage GRE tunnels as a segmentation technology



   3    2    l   e   n   n   u    T

Tunnel/VRF Mapping

   3    2    1    l   e   n   n   u    T

Lo13

   3    2    2    l   e   n   n   u    T

.4

.3

Lo11

Lo11 Tunnel 34

4.4.4.4

VRF-R

Lo12

VRF-O

Lo13

R4

VRF-R

Tunnel 134

VRF-E

VRF-E

Tunnel 234

.4

.3

Lo12

3.3.3.3

VRF-O

R3

Lo13

Configuration Note: Each GRE Tunnel Could Require Unique Source/Destination IP (Platform Dependent)

Layer 2 Serial Link/No Problem Back-to-Back Frame Relay Example R1

Lo111

VRF Lite can also leverage Frame Relay Sub-interfaces as a segmentation Lo 1 technology



R2 .1

.2 Serial1/0.12

1.1.1.1

VRF-R

Lo112

Lo113

.1    4    1  .    1    /    1    l   a    i   r   e    S

   4    1    1  .    1    /    1    l   a    i   r   e    S



VRF-E

Serial1/0.212

VRF-O

VRF-O

sub-interface and DLCI .2

Serial1/0.X Serial1/1.X 10.1.X.0/24

   4    1    2  .    1    /    1    l   a    i   r   e    S

Each VRF uses a unique Frame-Relay

VRF-R

Serial1/0.112

VRF-E

   3    2  .    1    /    1    l   a    i   r   e    S

FR VC/VRF Mappin g

    3    2    1  .    1    /    1    l   a    i   r   e    S

Lo 3

Frame Relay sub-interface is “VRF aware”

   3    2    2  .    1    /    1    l   a    i   r   e    S

.4

.3

Lo111

Lo111 Serial1/0.34

4.4.4.4

VRF-R

Lo112

VRF-O

Lo113

R4

VRF-R

Serial1/0.134

VRF-E

Serial1/0.234

.4

Lo112

VRF-E

.3

VRF-O

R3

Lo113

Configuration Note: Leveraging Back-to-Back Frame-Relay Configuration

3.3.3.3

Multiprotocol BGP (MP-BGP) Bringing It All Together  VRF Instance Site 1 10.1.1.0/24

VRF Instance

iBGP Relationship

E0/1 E0/1

CE1 E0/1

E0/2

E0/0

E0/2

10.1.1.0/24

P1

Next-Hop=R8

E0/1

PE1

P2

E0/1

E0/3

E0/2 E0/1

E0/3

P4

OSPF Area 0 R8

10.2.1.0/24 E0/3

P3

E0/3

10.2.1.0/24 CE2

E0/1

E0/2

E0/0

Site 2

PE2

Next-Hop=R6

R&S Related Cisco Education Offerings Course

Description

Cisco Certification

CCIE R&S Advanced Workshops (CIERS-1 & CIERS-2) plus Self Assessments, Workbooks & Labs

Expert level trainings including: instructor led workshops, self assessments, practice labs and CCIE Lab Builder to prepare candidates for the CCIE R&S practical exam.

CCIE® Routing & Switching

• Implementing Cisco IP Routing v2.0 • Implementing Cisco IP Switched

Professional level instructor led trainings to prepare candidates for the CCNP R&S exams (ROUTE, SW ITCH and TSHOOT). Also available in self study eLearning formats with Cisco Learning Labs.

CCNP® Routing & Switching

Interconnecting Cisco Networking Devices: Part 2 (or combined)

Configure, implement and troubleshoot local and wide-area IPv4 and IPv6 networks. Also available in self study eLearning format with Cisco Learning Lab.

CCNA® Routing & Switching

Interconnecting Cisco Networking Devices: Part 1

Installation, configuration, and basic support of a branch network. Also available in self study eLearning format with Cisco Learning Lab.

CCENT® Routing & Switching

Networks V2.0 • Troubleshooting and Maintaining

Cisco IP Networks v2.0

For more details, please visit: http://learningnetwork.cisco.com Questions? Visit the Learning@Cisco Booth