Tuesday, February 2, 2016

L3VPN task #5. Central services.

Topology:



Use configuration from L3VPN task #4 as initial configuration for this task.

Requirements: 

1. On router R1, create a new loopback interface, Loopback100, and configure its IPv4 address as 100.100.100.100/24.
2. Router R1's Loopback100 should be accessible from the Customer A R6 loopback0 network 192.168.6.6/32 and from the Customer B R8 loopback0 network 10.10.8.0/24, but not from any other networks.

Solution:


This task requires an understanding of Central services configuration for L3VPN and of the "import-map" feature for selective route import into a VRF.

On R1, create a new VRF and configure Loopback100 under the new VRF. The route-target exported by the new VRF is imported into the CUST_A VRF on R5 and into the CUST_B VRF on R3.

In the new VRF on R1, configure route-target import for 48:1 and 67:1. To import only the listed prefixes into the new VRF, also configure an import map that matches only the specified prefixes (configured via prefix-lists).

The same technique can be used to allow inter-VRF traffic between different customers.

R1:


!
interface Loopback100
 vrf forwarding CENTRAL
 ip address 100.100.100.100 255.255.255.0
!
!
vrf definition CENTRAL
 rd 17:1
 route-target export 17:1
 route-target import 67:1
 route-target import 48:1
 !
 address-family ipv4
  import map IMPORT
 exit-address-family
!
!
ip prefix-list A seq 5 permit 192.168.6.6/32
!
ip prefix-list B seq 5 permit 10.10.8.0/24
!
route-map IMPORT permit 10
 match ip address prefix-list A
!
route-map IMPORT permit 20
 match ip address prefix-list B
!
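How R1 decides which VPNv4 routes enter CENTRAL can be modelled offline. The following is an added example, not part of the original post: it applies the route-targets, prefix-lists and import map from the R1 configuration above to a constructed set of routes. The RT attached to each sample route is an assumption based on the exports shown for CUST_A (67:1) and CUST_B (48:1).

```python
import ipaddress

# Policy copied from the R1 configuration on this page.
IMPORT_RTS = {"67:1", "48:1"}
PREFIX_LISTS = {"A": ["192.168.6.6/32"], "B": ["10.10.8.0/24"]}  # permit entries only
IMPORT_MAP = [(10, "permit", "A"), (20, "permit", "B")]  # route-map IMPORT

def prefix_list_permits(name, prefix):
    """An entry without ge/le matches only the exact prefix and length."""
    net = ipaddress.ip_network(prefix)
    return any(net == ipaddress.ip_network(p) for p in PREFIX_LISTS[name])

def import_map_permits(prefix):
    """First matching sequence decides; no match falls to the implicit deny."""
    for _seq, action, plist in sorted(IMPORT_MAP):
        if prefix_list_permits(plist, prefix):
            return action == "permit"
    return False

def imported_into_central(prefix, rts):
    """Import needs a matching import RT AND a permit from the import map."""
    return bool(IMPORT_RTS & set(rts)) and import_map_permits(prefix)

# Constructed sample. Prefixes come from the outputs on this page unless
# marked; the RT on each route is assumed from the customer VRF exports.
SAMPLE_ROUTES = [
    ("192.168.6.6/32", ["67:1"]),
    ("192.168.7.7/32", ["67:1"]),   # Customer A, not in prefix-list A
    ("10.10.8.0/24", ["48:1"]),
    ("10.10.4.0/24", ["48:1"]),     # Customer B, not in prefix-list B
    ("10.10.8.0/25", ["48:1"]),     # constructed: more-specific of a permitted prefix
    ("192.168.6.6/32", ["99:1"]),   # constructed: permitted prefix, RT not imported
]

def central_table(routes=SAMPLE_ROUTES):
    return [p for p, rts in routes if imported_into_central(p, rts)]

if __name__ == "__main__":
    for p, rts in SAMPLE_ROUTES:
        verdict = "import" if imported_into_central(p, rts) else "drop"
        print(f"{p:18} RT {','.join(rts):6} -> {verdict}")
```

The two imported prefixes match the BGP routes in the `show ip route vrf CENTRAL` output under Verification. The import map only controls which routes CENTRAL installs, so other customer networks still learn 100.100.100.0/24 through 17:1 but R1 has no return route to them.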

R3:


!
vrf CUST_B
 address-family ipv4 unicast
  import route-target
   17:1
   48:1
  !
  export route-target
   48:1
  !
 !
!


R5:


!
vrf definition CUST_A
 rd 67:1
 route-target export 67:1
 route-target import 67:1
 route-target import 17:1
 !
 address-family ipv4
 exit-address-family
!

Verification:

R1#show ip route vrf CENTRAL

Routing Table: CENTRAL
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is not set

      10.0.0.0/24 is subnetted, 1 subnets
B        10.10.8.0 [200/0] via 17.0.3.3, 00:18:07
      100.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        100.100.100.0/24 is directly connected, Loopback100
L        100.100.100.100/32 is directly connected, Loopback100
      192.168.6.0/32 is subnetted, 1 subnets
B        192.168.6.6 [200/20] via 17.0.5.5, 00:19:07

R6#sh ip route isis
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is not set

      17.0.0.0/8 is variably subnetted, 6 subnets, 3 masks
i L2     17.0.27.0/24 [115/10] via 17.0.56.5, 00:20:19, Ethernet0/0.56
      67.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
i L2     67.0.7.7/32 [115/10] via 17.0.56.5, 00:20:19, Ethernet0/0.56
      100.0.0.0/24 is subnetted, 1 subnets
i L2     100.100.100.0 [115/10] via 17.0.56.5, 00:16:05, Ethernet0/0.56
      192.168.7.0/32 is subnetted, 1 subnets
i L2     192.168.7.7 [115/10] via 17.0.56.5, 00:20:19, Ethernet0/0.56

R6#traceroute 100.100.100.100 source lo0
Type escape sequence to abort.
Tracing the route to 100.100.100.100
VRF info: (vrf in name/id, vrf out name/id)
  1 17.0.56.5 [AS 17] 5 msec 4 msec 5 msec
  2 100.100.100.100 5 msec 5 msec 5 msec

R8#sh ip route bgp
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is 17.0.38.3 to network 0.0.0.0

      10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
B        10.10.4.0/24 [20/0] via 17.0.38.3, 00:21:16
      17.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
B        17.0.24.0/24 [20/0] via 17.0.38.3, 00:21:16
      48.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
B        48.0.4.0/24 [20/0] via 17.0.38.3, 00:21:16
      100.0.0.0/24 is subnetted, 1 subnets
B        100.100.100.0 [20/0] via 17.0.38.3, 00:15:09


R8#traceroute 100.100.100.100 source lo0
Type escape sequence to abort.
Tracing the route to 100.100.100.100
VRF info: (vrf in name/id, vrf out name/id)
  1 17.0.38.3 [AS 17] 1 msec 1 msec 1 msec
  2 100.100.100.100 [AS 17] 2 msec 3 msec 2 msec
