0% found this document useful (0 votes)
175 views12 pages

Cisco - Internet Access From An MPLS VPN Using A Global.2005

In certain network scenarios, it is required to access the Internet Irom an MPLSbased VPN using a global routing table. This sample conIguration Iocuses on providing Internet Access Irom the VPN routing and Iorwarding (VRF) that contains the deIault route to the Internet gateway router (IGW) inIormation presented in this document was created in a speciIic lab environment.

Uploaded by

Hứa Dũng
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
175 views12 pages

Cisco - Internet Access From An MPLS VPN Using A Global.2005

In certain network scenarios, it is required to access the Internet Irom an MPLSbased VPN using a global routing table. This sample conIguration Iocuses on providing Internet Access Irom the VPN routing and Iorwarding (VRF) that contains the deIault route to the Internet gateway router (IGW) inIormation presented in this document was created in a speciIic lab environment.

Uploaded by

Hứa Dũng
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 12
Internet Access from an MPLS VPN Using a Global Routing Table Document ID: 24508 Contents Introduction Prerequisites Requirements ‘Components Used Background Theory Conventions Configure Network Diagram Configurations Verify VPN Connectivity Between CE 1 and CE 2 Connectivity to the Internet from CE 1 Troubleshoot Related Information Introduction ‘The purpose of this document is to demonstrate the sample configuration used to access the Internet from a Multiprotocol Label Switching (MPLS)-based VPN using a global routing table. In certain network scenarios, itis required to access the Internet from an MPLS-based VPN in addition to continuing to maintain the VPN connectivity among corporate sites. This sample configuration focuses on providing Intemet access from the VPN routing and forwarding (VRF) that contains the default route to the Internet gateway router (IGW), Prerequisites Requirements A basic understanding of MPLS forwarding and MPLS VPN is required to fully understand the contents of this document. Components Used ‘The information in this document is based on the software and hardware versions below. 12.1G)T. Release 12.0(5)T includes the MPLS VPN feature sor later, such as the Cisco 3660 or 7206 '* Cisco 10S® Software Rel ‘* Any Cisco router from the 3600 ser ‘The information presented in this document was created from devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If you are working in a live network, ensure that you understand the potential impact of any command before using it. Background Theory In this example configuration, th policies were in pla ‘+ A router with connectivity to the Internet is attached to the MPLS network. It may or may not inject Border Gateway Protocol (BGP) routes into the global routing table. Note: PE routers understand BGP. Routers such as the Gigabit Switch Router (GSR) (which performs as a Provider Core router) do not run BGP at all. ‘There is no requirement for a VRF to have a full routing table from the Internet (global BGP table} a static default route is put in a VRF pointing to the global next hop address of the IGW. ‘* A VPN customer uses a registered unique address range that is routable in the global Internet routing table. The method of access discussed in this document is not recommended where customers have only private addresses in their network. Conventions The: ¢ acronyms are used in this document: © CE ~ Customer Edge router * PE ~ Provider Edge router ‘© P Provider core router For more information on document conventions, refer to Cisco Technical Tips Conventions. Configure * You can refer to the Network Diagram for an illustration of this configuration. In this example, CE 1 and CE 2 are in the same VPN. They are configured under the customer! VRF, since there is no requirement for a VRF to have a full routing table from the Internet (as per the policies in the Background Theory section of this document). ‘+ A static default route is configured in the customer! VRF on CE I pointing to the IGW. By placing a static default route within the customer! VRF, packets that do not match any of the routes contained within customer! VRF will be sent to the IGW. Note: Since the Intemet gateway next hop 192.168.67.1 is not a part of the customer! VRF, a default route is configured under the customer! VRF pointing to the Internet gateway interface s8/0 IP 192.168.67.1. The route fo 192.168.67.1 does not lie within customer! VRF, so you need to have a global keyword within the static default route configured under customer! VRF. The global keyword specifies that the next hop address of the static route is resolved within the global routing table, not within the the customer! VRF. ‘The following is an example of the static route. 4p route vrf customer! 0.0.0.0 0.0.0.0 192.168.67.1 global Having a static route with a global keyword in the customer! VRF ensures that all packets destined to the Internet are routed to the Internet gateway and subsequently to the Internet. Note: The default route in PE 1 is configured to point to the serial interface IP address of the Intemet gateway (192.168.67.1) and not to the loopback address (10.1.1.6). This avoids blackholing the routes in the event of connectivity failure between the Internet gateway and the Internet (R7). Ifthe default route is pointed to the loopback address of the Internet gateway and the connectivity between the Internet gateway-R7 breal the packets would continue to route to the Internet gateway. This happens because the loopback address remains up (unlike 192.168.67.1 which is withdrawn from the global routing table when interface s8/0 goes, down) and the default route continues to exist in the routing table, ‘The next step is to ensure that packets coming back from the Internet to destination CE 1 network 11.11.11.0124, are routed from the Internet gateway to PE 1 and to CE 1 through the MPLS core. This is achieved by configuring a static route for the CE I network pointing to the Serial 8/0 interface in the global routing table on PE 1. Redistribute it into the Open Shortest Path First (OSPF) so that the Internet gateway has that route in its global routing table. This allows the Internet gateway to route all packets coming from the Internet to PE 1, and to the final destination beyond CE 1 ‘The following example is the ip route command used in configuration on PE 1 ip route 11.11.11.0 255.255.255.0 Serialé/0 192.168.10.2 Note: The above static route configured in the global routing table is in addition to the static route configured within the customer! VRF, which is used for VPN Network Layer Reachability Information (NLRI). On PE 1, itis configured as shown as below. ip route vrf customer] 11.11.11.0 255.255.255.0 192.168.10.1 Note: To find additional information on the commands used in this document, use the Command Lookup Tool (registered customers only) Network Diagram This document uses the network setup shown in the diagram below. New) 82 16067 5/90

You might also like