Home > Articles > Security > Network Security

  • Print
  • + Share This
This chapter is from the book

Configuring MPLS VPNs

Misconfiguration is a common cause of problems with MPLS VPNs. In this section, therefore, MPLS VPN configuration is discussed.

When configuring an MPLS VPN, there are three types of devices that must be configured, the CE router, the PE router, and the P router. The configuration of each of these devices is discussed in this section.

It may be useful to reference Figure 6-31 on page 476 while reading this section. Note, however, that not all configuration discussed in this section is illustrated.

Configuring the CE Router

Configuration of the CE router is standard—nothing special is required. The only restriction is that the routing protocol used between the CE and PE routers must currently be RIP version 2, EIGRP, OSPF, or EBGP. Static routes can also be used.

Configuring the PE Router

Configuration of the PE router is much more complicated than that of the CE router.

The 12 basic steps involved are summarized as follows:

Step 1

Configure the loopback interface to be used as the BGP update source and LDP router ID.

Step 2

Enable CEF.

Step 3

Configure the label distribution protocol.

Step 4

Configure the TDP/LDP router-id (optional).

Step 5

Configure MPLS on core interfaces.

Step 6

Configure the MPLS VPN backbone IGP.

Step 7

Configure global BGP parameters.

Step 8

Configure MP-BGP neighbor relationships.

Step 9

Configure the VRF instances.

Step 10

Configure VRF interfaces.

Step 11

Configure PE-CE routing protocols / static routes.

Step 12

Redistribute customer routes into MP-BGP.


The sections that follow examine each step in detail.

Step 1: Configure the Loopback Interface to Be Used as the BGP Update Source and LDP Router ID

A loopback interface should be configured to act as the update source for BGP sessions, as well as the LDP router ID.

Ensure that the IP address on the loopback interface is configured with a 32-bit mask. This will prevent a lot of problems later.

For example, if the IGP used in the MPLS backbone is OSPF, and the loopback interface is not configured with a 32-bit mask, the PE router will advertise a label binding for the loopback address with the mask as specified on the loopback interface. The route advertised in OSPF to neighboring routers, on the other hand, will include a 32-bit mask. This is because OSPF advertises loopback addresses with a 32-bit mask by default (irrespective of the configured mask). The neighboring routers (LSRs) will create a label binding that corresponds to the OSPF route advertised by the PE router (using the advertised 32-bit mask), but because the label binding advertised by the PE router uses the configured non-32-bit mask, an LSP failure will result.

There are two ways around this: either configure the loopback interface on the PE router with a 32-bit mask, or configure the ip ospf network point-to-point command on the loopback interface, which will cause OSPF to advertise the mask as it is actually configured.

It is also very important to configure just one update source for MP-BGP if you intend to configure MVPNs. More than one update source can break MVPN.

Example 6-1 shows the configuration of the loopback interface to be used as the BGP update source and LDP router ID.

Example 6-1 Configuration of the Loopback Interface

interface Loopback0
 ip address 10.1.1.1 255.255.255.255

It's good practice to allocate one address block to use for all PE router loopback interface addresses.

Note that PE router loopback addresses should not be summarized in the core because this will break LSPs within the MPLS backbone.

Step 2: Enable CEF

Be sure to enable CEF. If CEF is not enabled on the PE router, MPLS will not function.

Example 6-2 shows how to enable CEF on the router.

Example 6-2 Enabling CEF

ip cef [distributed]

Note the keyword distributed. This is used to enable distributed CEF (dCEF). dCEF is available on high-end platforms such as the 12000 GSR and 7500 series.

Step 3: Configure the LDP

If using LDP in the MPLS backbone, you should configure LDP next. Note that TDP is the default label distribution protocol on Cisco routers. Example 6-3 shows the global configuration of LDP as the label distribution protocol.

Example 6-3 Configuration of LDP as the Label Distribution Protocol

mpls label protocol ldp

Step 4: Configure the TDP/LDP Router ID (Optional)

The next step is to configure the TDP/LDP router ID. This step is optional, but it can make the troubleshooting process easier if you are able to easily identify TDP/LDP routers in the network.

Example 6-4 shows the configuration of the LDP router ID.

Example 6-4 Configuration of the LDP Router ID

mpls ldp router-id Loopback0 [force]

In Example 6-4, the IP address on interface loopback 0 is configured as the LDP router ID. Note the optional force keyword, which ensures that the IP address on interface loopback 0, and not the IP address of any other interface, becomes the LDP router ID.

If the LDP router ID is not explicitly configured as shown in Example 6-4, the LDP ID will become the highest loopback interface address or, in the absence of a loopback interface, the highest IP address configured on a physical interface. It is definitely a good idea to ensure that the LDP ID corresponds to a loopback interface because loopback interfaces are always in an up state.

Step 5: Configure MPLS on Core Interfaces

The next step is to enable MPLS on interfaces connected to other PE and P routers. Note that when MPLS is enabled on the first interface, it is also globally enabled on the router.

Example 6-5 shows the configuration of MPLS on core frame-mode interfaces.

Example 6-5 Configuring MPLS on Core Frame-Mode Interfaces

interface Serial4/0
 mpls ip

As previously mentioned, ATM interfaces can be configured for either frame-mode or cell-mode.

Frame-mode can be configured over ATM PVCs between edge LSRs. In this case, intervening ATM switches do not participate in MPLS at all and do not need to be MPLS-enabled.

Example 6-6 shows the configuration of an ATM interface for frame-mode MPLS.

Example 6-6 Configuration of Frame-mode MPLS on an ATM Interface

interface ATM3/0.1 point-to-point
 ip address 10.20.100.1 255.255.255.0
 pvc 1/50
 encapsulation aal5snap
 !
 mpls ip

In Example 6-6, MPLS is enabled on an ATM PVC with VPI/VCI 1/50. Note that the subinterface type is point-to-point and that the mpls ip command is configured on the subinterface.

ATM interfaces can also be configured for cell-mode MPLS. These interfaces are known as Label Controlled ATM (LC-ATM) interfaces.

Example 6-7 shows the configuration of cell-mode MPLS on an ATM interface of an IOS router.

Example 6-7 Configuration of Cell-Mode MPLS on an ATM Interface

interface ATM3/0.1 mpls
 ip address 10.20.90.1 255.255.255.0
 mpls ip

In Example 6-7, the subinterface type is mpls. Also note the command mpls ip on the subinterface itself.

When cell-mode MPLS is enabled on an ATM interface, a PVC with VPI/VCI 0/32 (by default) is automatically created for control plane traffic.

Step 6: Configure the MPLS VPN Backbone IGP

Although it is possible to use any IGP for IP reachability within the MPLS VPN backbone, IS-IS and OSPF are the two most commonly chosen because they are the only two IGPs that currently support MPLS traffic engineering.

The OSPF and IS-IS protocol configurations covered in the two sections that follow are only examples.

IS-IS

The configuration of IS-IS on the PE router is, to a large extent, standard.

Example 6-8 shows the configuration of IS-IS for IP reachability within the MPLS VPN backbone.

Example 6-8 Configuration of IS-IS as the MPLS VPN Backbone IGP

router isis 
 passive-interface Loopback0
 net 49.0001.0000.0000.0001.00
 is-type level-2-only
 metric-style wide

The router isis command enables IS-IS on the PE router.

Interface loopback 0 is then enabled for IS-IS using the passive-interface loopback0 command. Note that because the interface is passive, no IS-IS packets are needlessly sent on the interface.

Be sure to advertise the BGP update source into the IS-IS. If the update source is not advertised, MPLS VPNs will break.

The third command in the configuration is net 49.0001.0000.0000.0001.00. This is used to configure the network entity title (NET). 49.0001 is the area ID, 0000.0000.0001 is the system ID, and .00 is the selector value.

The next command, is-type level-2-only, configures the PE router as a Level 2 (backbone) router only.

Finally, the command metric-style wide configures the router to send and to receive only new style 24- or 32-bit metrics. Support for new style metrics are essential if you are intending to use MPLS traffic engineering.

Ensure that all IS-IS routers in the backbone are configured to support standard or wide metrics (or both). IS-IS must also be enabled on each of its core interfaces.

Example 6-9 shows the configuration of IS-IS on core interfaces.

Example 6-9 Configuration of IS-IS on Core Interfaces

interface FastEthernet1/0
 ip router isis 

In Example 6-9, IS-IS for IP is enabled on interface FastEthernet1/0 using the command ip router isis.

OSPF

OSPF configuration for the backbone is, again, fairly standard.

Example 6-10 shows the configuration of OSPF for IP reachability within the MPLS VPN backbone.

Example 6-10 Configuration of OSPF as the MPLS VPN Backbone IGP

router ospf 100
 passive-interface Loopback0
 network 10.0.0.0 0.255.255.255 area 0

The command router ospf 100 enables OSPF process 100 on the PE router.

All backbone interfaces in network 10.0.0.0/8 are placed in OSPF area 0 using the network 10.0.0.0 0.255.255.255 area 0 command.

Finally, the passive-interface Loopback0 prevents the sending of OSPF packets on interface loopback 0.

Be sure to advertise the BGP update source into OSPF. If the update source is not advertised, MPLS VPNs will break.

Note that if your network consists of ATM-LSRs, make sure that summarization of IGP routes is not configured on P routers. This is because ATM-LSRs have no "IP intelligence" on the data plane.

Step 7: Configure Global BGP Parameters

MP-BGP is used to advertise customer routes across the MPLS VPN backbone between PE routers. The configuration of MP-BGP is a two-step process, with neighbors being configured globally and then activated for MP-BGP route exchange under the VPNv4 (VPN-IPv4) address family.

Example 6-11 shows global BGP configuration on the PE router.

Example 6-11 Global BGP Configuration on the PE Router

router bgp 64512
 no synchronization
 neighbor 10.1.1.4 remote-as 64512
 neighbor 10.1.1.4 update-source Loopback0
 neighbor 10.1.1.6 remote-as 64512
 neighbor 10.1.1.6 update-source Loopback0
 no auto-summary

The first command, router bgp autonomous_system, enables BGP on the PE router.

Global IGP synchronization is then disabled using the no synchronization command.

The command neighbor ip_address remote-as autonomous_system configures the IP address and autonomous system of the remote PE router or route reflector.

Next comes the neighbor ip_address update-source Loopback0. This configures interface loopback 0 as the update source for the BGP session.

It is highly recommended that a single interface (preferably with a 32-bit mask) be configured as the MP-BGP update source. Not doing so might result in broken MPLS VPNs and MVPNs.

The command no auto-summary is used to ensure that routes redistributed into BGP (via the redistribute command) are not summarized at major network boundaries.

One other command that might be useful on the PE router is the no bgp default ipv4-unicast command, which disables the exchange of global BGP (Internet) routes. Only MP-BGP, and not global BGP, routes are required for MPLS VPN functionality.

Step 8: Activate MP-BGP Neighbors

MP-BGP is used for the exchange of VPN routes between the PE routers. MP-BGP route exchange must be activated under the VPNv4 address family.

Example 6-12 shows the activation of MP-BGP route exchange.

Example 6-12 Activation of MP-BGP Route Exchange

router bgp 64512
!
address-family vpnv4
 neighbor 10.1.1.4 activate
 neighbor 10.1.1.4 send-community extended
 neighbor 10.1.1.6 activate
 neighbor 10.1.1.6 send-community extended
 no auto-summary
 exit-address-family

The command address-family vpnv4 is used to enter the VPNv4 address family configuration mode.

The neighbor ip_address activate is used to activate MP-BGP route exchange.

The command neighbor ip_address send-community extended is configured by default and enables the exchange of BGP extended communities, such as route target and site of origin.

TIP

If you want BGP peers to also exchange standard BGP communities, you must use the keyword both in place of the extended keyword.

Finally, the command no auto-summary command specifies that redistributed routes should not be summarized at major network boundaries. This command is configured by default.

Note that if route reflectors are used for VPN route exchange between PE routers, ensure that they are also configured for MP-BGP route exchange between route reflector clients.

Step 9: Configure the VRF Instances

The next step is the configuration of the VRFs, as demonstrated in Example 6-13.

Example 6-13 Configuration of a VRF

ip vrf mjlnet_VPN
 rd 64512:100
 route-target export 64512:100
 route-target import 64512:100

The first line of the configuration enables a VRF named mjlnet_VPN.

Step 10: Configure VRF Interfaces

After configuring the VRF, the next step is to associate customer interfaces with it.

Example 6-14 shows the configuration of VRF interfaces on PE routers.

Example 6-14 Configuration of VRF Interfaces

interface Serial4/1
 ip vrf forwarding mjlnet_VPN

The ip vrf forwarding mjlnet_VPN command associates an interface with a customer VRF. In this case, interface serial 4/1 is associated with VRF mjlnet_VPN.

Step 11: Configure PE-CE Routing Protocols / Static Routes

Configuration of the PE-CE routing protocol varies according to whether RIP version 2, EIGRP, OSPF, or EBGP is being used. Static routes can also be used for PE-CE connectivity.

The sections that follow describe configuration of the various PE-CE routing protocols.

RIP Version 2

When configuring RIP version 2 for PE-CE routing, most of the configuration is under the IPv4 address family. Example 6-15 shows the configuration of RIP version 2 for PE-CE routing.

Example 6-15 Configuration of RIP Version 2 for PE-CE Routing

router rip
 version 2
 !
 address-family ipv4 vrf mjlnet_VPN
 version 2
 redistribute bgp 64512 metric transparent
 network 172.16.0.0
 no auto-summary
 exit-address-family

The command router rip enables RIP on the PE router. RIP version 2 is then configured using the command version 2.

Next comes the address-family ipv4 vrf vrf_name command. RIP configuration for the VRF is configured under the IPv4 address family.

By specifying version 2 globally (directly under router rip), it is inherited by all the address families configured under RIP.

Under the address family, be sure to specify redistribution from (MP-BGP or BGP into RIP. Alternatively, you can originate a default route into RIP if it is a large network. Remember that customer routes are advertised between PE routers using MP-BGP. These routes are then imported into the customer VRFs. The command redistribute bgp autonomous_system metric transparent can then be used to redistribute these routes into RIP for advertisement to the attached customer site or sites.

Note the use of metric transparent. RIP metrics are preserved when they are advertised in MP-BGP (they are copied into the MED attribute), which ensures that these metrics are redistributed back into RIP unmodified.

Make sure that a metric, whether a specific metric or the keyword transparent, is configured when redistributing MP-BGP routes into RIP. If one is not specified, the routes may not be redistributed.

The rest of the configuration is pretty standard stuff, with the network command used to specify the networks enabled for RIP, and the no-auto-summary command used to ensure that networks are not summarized at major network boundaries. Note that no auto-summary is on by default under the address family.

EIGRP

Configuration of EIGRP is similar to RIP, with most parameters configured under the IPv4 address-family.

Example 6-16 shows a sample configuration of EIGRP for PE-CE routing.

Example 6-16 Configuration of EIGRP for PE-CE Routing

router eigrp 10
 no auto-summary
 !
 address-family ipv4 vrf mjlnet_VPN
 redistribute bgp 64512 metric 1 1 255 1 1500
 network 172.16.0.0
 no auto-summary
 autonomous-system 100
 exit-address-family

The router eigrp 10 command enables EIGRP autonomous system 10 on the PE router.

The second command is no auto-summary. This ensures that networks are not summarized at major network boundaries.

The configuration of EIGRP for PE-CE connectivity itself is specified under an IPv4 address-family (address-family ipv4 vrf vrf_name). Each customer VRF requires a separate address family.

The configuration under the IPv4 address family starts with redistribution of MP-BGP routes from other customer sites into EIGRP using redistribute bgp autonomous_system metric metric (bandwidth, delay, reliability, load, and MTU). Make sure that you specify a metric when redistributing MP-BGP routes into EIGRP. If one is not specified, redistribution may fail. Next is the network command, which is used to specify the networks enabled for EIGRP. The no auto-summary command is configured by default under the address family.

The final command under the address family is autonomous-system autonomous_system. This is the EIGRP autonomous system number for the customer VPN. If this is not the same as that configured as that on the CE router, then no adjacency will be formed.

OSPF

When configuring OSPF, a separate OSPF process must be configured for each customer VRF running OSPF as the PE-CE routing protocol.

Example 6-17 shows the configuration of OSPF for customer site routing.

Example 6-17 Configuration of OSPF for PE-CE Routing

router ospf 100 vrf mjlnet_VPN
 redistribute bgp 64512 subnets
 network 172.16.4.0 0.0.0.255 area 0

The first command in the configuration is router ospf process_ID vrf vrf_name. In this case, OSPF process 100 is configured for VRF mjlnet_VPN.

The third command is redistribute bgp autonomous_system subnets. This is used to configure redistribution of MP-BGP (routes from remote sites) into OSPF. Note the subnets keyword. This ensures that subnets, and not just major networks, are redistributed.

EBGP

Configuration of EBGP for PE-CE connectivity is pretty straightforward. Again, most of the configuration is under the IPv4 address family.

Example 6-18 shows the configuration of EBGP for PE-CE routing.

Example 6-18 Configuration of EBGP for PE-CE Routing

router bgp 64512
!
address-family ipv4 vrf mjlnet_VPN
 neighbor 172.16.4.2 remote-as 65001
 neighbor 172.16.4.2 activate
 no auto-summary
 no synchronization
 exit-address-family

The address-family ipv4 vrf vrf_name command is used to enter the IPv4 address family configuration mode.

The first command under the IPv4 address family is neighbor ip_address remote-as autonomous_system. This configures the IP address and autonomous system of the CE router.

Next is neighbor ip_address activate. This activates the BGP session with the CE router.

Finally, the no auto-summary and no synchronization commands are used to disable auto summarization at major network boundaries for routes redistributed via the redistribute command into BGP, and to disable IGP synchronization. These two commands are enabled by default.

Note that unlike for other PE-CE routing protocols, redistribution is unnecessary from MP-BGP into EBGP.

Static Routes

Static routes can also be used for PE-CE connectivity. Example 6-19 shows configuration of static routes for PE-CE connectivity.

Example 6-19 Configuration of Static Routes for PE-CE Connectivity

ip route vrf mjlnet_VPN 172.16.1.0 255.255.255.0 172.16.4.2 [permanent]

Configuration of static routes is the same as that for regular static routes with the network, mask, and next-hop specified. The vrf keyword must be used, however, to ensure that the static route is placed in the VRF specified (in this case, mjlnet_VPN).

Note also the permanent keyword. This can optionally be used to ensure that the route will remain in the VRF even if reachability to the next hop is lost. This can be important for stability when redistributing static routes into MP-BGP.

Step 12: Redistribute Customer Routes into MP-BGP

The final step is to configure the redistribution of customer routes into MP-BGP, as demonstrated in Example 6-20.

Example 6-20 Redistribution of Customer Routes into MP-BGP

router bgp 64512
!
address-family ipv4 vrf mjlnet_VPN
 redistribute rip
 no auto-summary
 no synchronization
 exit-address-family

The address-family ipv4 vrf vrf_name command is used to enter the IPv4 address family configuration mode.

The redistribute rip command is used to redistribute customer RIPv2 routes into MP-BGP.

If the PE-CE routing protocol is EIGRP, the command redistribute eigrp autonomous_system is used. Ensure that the autonomous system number configured corresponds to that specified under the EIGRP IPv4 address family.

For OSPF, the command redistribute ospf process_ID match internal external 1 external 2 can be used. Note that in this case, internal and external type 1 and 2 routes are redistributed.

Finally, if static routes are being used, the command redistribute static can be used. It is also worth noting that if EBGP is being used, redistribution is not required.

Finally, the no auto-summary and no synchronization commands are defaults that specify that redistributed routes should not be summarized at major network boundaries, and that synchronization should be disabled.

That concludes the configuration of the PE router.

PE Router Sample Configuration

Example 6-21 shows a complete sample configuration of a PE router.

Example 6-21 Complete Sample Configuration of a PE Router

Chengdu_PE#show running-config
Building configuration...
Current configuration : 3434 bytes
!
version 12.0
service nagle
no service pad
service tcp-keepalives-in
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
!
hostname Chengdu_PE
!
logging buffered 16384 debugging
enable secret 5 $1$4pDG$mVThUgDZG33pNYZ20.UKU/
!
ip subnet-zero
no ip source-route
!
! Enable Cisco Express Forwarding (CEF)
ip cef
!
!
no ip finger
no ip bootp server
!
! Configure the VPN Routing and Forwarding (VRF) instances
ip vrf mjlnet_VPN
 rd 64512:100
 route-target export 64512:100
 route-target import 64512:100
!
ip vrf cisco_VPN
 rd 64512:200
 route-target export 64512:200
 route-target import 64512:200
!
! Configure the label distribution protocol
mpls label protocol ldp
no mpls traffic-eng auto-bw timers frequency 0
!
! Configure the TDP/LDP router-id (tag-switching tdp router-id = mpls ldp router-id)
tag-switching tdp router-id Loopback0 force
!
! Configure the loopback interface to be used as the BGP update source and LDP router ID
interface Loopback0
 ip address 10.1.1.1 255.255.255.255
 no ip directed-broadcast
!
! Configure MPLS on core interfaces
interface FastEthernet1/0
 ip address 10.20.10.1 255.255.255.0
 no ip redirects
 no ip directed-broadcast
 no ip proxy-arp
 ip router isis
 tag-switching ip
 no cdp enable
!
! Configure VRF interfaces
interface Serial4/1
 ip vrf forwarding mjlnet_VPN
 ip address 172.16.4.1 255.255.255.0
 no ip redirects
 no ip directed-broadcast
 no ip proxy-arp
 encapsulation ppp
 no cdp enable
!
interface Serial4/2
 ip vrf forwarding cisco_VPN
 ip address 192.168.4.1 255.255.255.0
 no ip redirects
 no ip directed-broadcast
 no ip proxy-arp
 no cdp enable
!
! Configure PE-CE routing protocol for cisco_VPN
router ospf 200 vrf cisco_VPN
 log-adjacency-changes
 redistribute bgp 64512 subnets
 network 192.168.4.0 0.0.0.255 area 0
!
! Configure the MPLS VPN backbone IGP
router isis
 passive-interface Loopback0
 net 49.0001.0000.0000.0001.00
 is-type level-2-only
 metric-style wide
!
! Configure PE-CE routing protocol for mjlnet_VPN
router rip
 version 2
 !
 address-family ipv4 vrf mjlnet_VPN
 version 2
 redistribute bgp 64512 metric transparent
 network 172.16.0.0
 no auto-summary
 exit-address-family
!
! Configure basic BGP parameters
router bgp 64512
 no synchronization
 bgp log-neighbor-changes
 neighbor 10.1.1.4 remote-as 64512
 neighbor 10.1.1.4 update-source Loopback0
 neighbor 10.1.1.6 remote-as 64512
 neighbor 10.1.1.6 update-source Loopback0
 no auto-summary
 !
 ! Configure MP-BGP neighbor relationships
 address-family vpnv4
 neighbor 10.1.1.4 activate
 neighbor 10.1.1.4 send-community extended
 neighbor 10.1.1.6 activate
 neighbor 10.1.1.6 send-community extended
 no auto-summary
 exit-address-family
 !
! Redistribute customer routes into MP-BGP
 address-family ipv4 vrf cisco_VPN
 redistribute ospf 200 match internal external 1 external 2
 no auto-summary
 no synchronization
 exit-address-family
 !
 address-family ipv4 vrf mjlnet_VPN
 redistribute rip
 no auto-summary
 no synchronization
 exit-address-family
!
ip classless
!
logging trap debugging
!
!
line con 0
 exec-timeout 0 0
 password 7 1511021F0725
 login
line aux 0
line vty 0 4
 password 7 110A1016141D
 login
!
end

You might notice that a number of commands discussed in this section are not immediately apparent in the configuration shown in Example 6-21. An example is the mpls ip command. In fact, the mpls keyword is translated into the tag-switching keyword. This allows backward compatibility with versions of the Cisco IOS software that do not support the mpls keyword.

The only exception to this is the mpls label protocol command, which remains in its original form.

Configuring the P Router

Configuration of P routers is, by comparison with that of PE routers, very simple.

The six basic steps in the configuration are as follows:

Step 1

Configure the loopback interface to be used as the LDP router ID.

Step 2

Enable CEF.

Step 3

Configure the label distribution protocol.

Step 4

Configure the TDP/LDP router ID (optional).

Step 5

Configure MPLS on core interfaces.

Step 6

Configure IS-IS or OSPF as the MPLS VPN backbone IGP.


As you can see, these six steps are identical to the first six steps for the configuration of the PE router. Please refer to the previous section for an explanation of each of these steps.

Example 6-22 shows a complete sample configuration of a P router.

Example 6-22 Complete Sample Configuration of a P Router

Chengdu_P#show running-config
Building configuration...
Current configuration : 1991 bytes
!
version 12.0
service nagle
no service pad
service tcp-keepalives-in
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
!
hostname Chengdu_P
!
logging buffered 16384 debugging
no logging console
enable secret 5 $1$4pDG$mVThUgDZG33pNYZ20.UKU/
!
ip subnet-zero
no ip source-route
!
! Enable Cisco Express Forwarding (CEF)
ip cef
!
!
no ip finger
no ip bootp server
!
! Configure the label distribution protocol
mpls label protocol ldp
no mpls traffic-eng auto-bw timers frequency 0
!
! Configure the TDP/LDP router-id
tag-switching tdp router-id Loopback0 force
!
! Configure the loopback interface to be used as the LDP router id
interface Loopback0
 ip address 10.1.1.2 255.255.255.255
 no ip directed-broadcast
!
! Configure MPLS on core interfaces
interface FastEthernet1/0
 ip address 10.20.10.2 255.255.255.0
 no ip redirects
 no ip directed-broadcast
 no ip proxy-arp
 ip router isis
 tag-switching ip
 no cdp enable
!
interface Serial1/0
 ip address 10.20.20.1 255.255.255.0
 no ip redirects
 no ip directed-broadcast
 no ip proxy-arp
 ip router isis
 encapsulation ppp
 tag-switching ip
 no fair-queue
 no cdp enable
!
interface Serial1/1
 ip address 10.20.40.1 255.255.255.0
 no ip redirects
 no ip directed-broadcast
 no ip proxy-arp
 ip router isis
 encapsulation ppp
 tag-switching ip
 no fair-queue
 no cdp enable
!
!
! Configure IS-IS as the MPLS VPN backbone IGP
router isis
 passive-interface Loopback0
 net 49.0001.0000.0000.0002.00
 is-type level-2-only
 metric-style wide
!
ip classless
!
logging trap debugging
!
line con 0
 exec-timeout 0 0
 password 7 1511021F0725
 login
line aux 0
line vty 0 4
 password 7 110A1016141D
 login
!
end

Notice again that the mpls keyword has been converted into the tag-switching keyword for backward compatibility. This completes the configuration of MPLS VPNs.

  • + Share This
  • 🔖 Save To Your Account