Saturday 1 February 2020

Extranet VPN




Same IP address scheme.
Here we are going to show how to build an Extranet VPN. R5 and R6 are the HQs for VPN A and VPN B respectively.
In this scenario, the prefixes generated by R5 and R6 are exchanged between the two HQs, but R7 and R8 should not reach outside their own VPN sites.
Yes, you understood correctly: we have to create 3 VRFs. So why wait? Let's configure it.

R1(config)#ip vrf A
R1(config-vrf)#rd 700:7
R1(config-vrf)#route-target export 700:700
R1(config-vrf)#route-target import 500:500

R1(config)#ip vrf B
R1(config-vrf)#rd 800:8
R1(config-vrf)#rou ex 800:800
R1(config-vrf)#rou im 600:600

First I am going to configure the VPN A site.
R1(config)#int s1/0
R1(config-if)#ip vrf for A

Let's run BGP as the PE-CE routing protocol.

R1(config)#router bgp 100
R1(config-router)#address-family ipv4 vrf A
R1(config-router-af)#neighbor 11.0.0.5 remot 65031

R7(config)#router bgp 65031
R7(config-router)#neighbor 11.0.0.6 remot 100
R7(config-router)#net 70.0.0.0 mask 255.255.255.0

That's it. Now check the neighborship and the routing table.
R1#sh ip bgp vpnv4 vrf A summary  | be Ne
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
11.0.0.5        4 65031       7       6        2    0    0 00:02:19        1

See, we are getting the prefix. Now let's enable VPN B as well.
R1(config)#router eigrp 1
R1(config-router)#address-family ipv4 vrf B
R1(config-router-af)#network 11.0.0.0 0.0.0.3
R1(config-router-af)#no au
R1(config-router-af)#autonomous-system 10

R8(config)#router eigrp 10
R8(config-router)#net 11.0.0.0 0.0.0.3
R8(config-router)#no au
R8(config-router)#net 80.0.0.0 0.0.0.255

Let's check the neighborship.
R1#sh ip eigrp vrf B neighbors
IP-EIGRP neighbors for process 10
H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq
                                            (sec)         (ms)       Cnt Num
0   11.0.0.1                Se1/1             11 00:02:37   82   492  0  4

Now comes the difficult part. We already know that an interface can belong to only one VRF instance. So how do we make it work? It's very simple, check it out.

R4(config)#ip vrf AB
R4(config-vrf)#rd 506:506
R4(config-vrf)#route-target export 500:500
R4(config-vrf)#route-target export 500:506
R4(config-vrf)#route-target im 700:700
R4(config-vrf)#route-target im 600:605

R4(config)#int s1/1
R4(config-if)#ip vrf for AB
R4(config-if)#ip add 11.0.0.9 255.255.255.252

R4(config)#router rip
R4(config-router)#add
R4(config-router)#address-family ipv
R4(config-router)#address-family ipv4 vr
R4(config-router)#address-family ipv4 vrf AB
R4(config-router-af)#net
R4(config-router-af)#network 11.0.0.8
R4(config-router-af)#no au
R4(config-router-af)#ver 2

R5(config)#router rip
R5(config-router)#net 11.0.0.0
R5(config-router)#net 50.0.0.0
R5(config-router)#no au
R5(config-router)#ver 2

Let's check the routing table and confirm it.

R4#sh ip route vrf AB rip
     50.0.0.0/24 is subnetted, 3 subnets
R       50.2.2.0 [120/1] via 11.0.0.10, 00:00:13, Serial1/1
R       50.1.1.0 [120/1] via 11.0.0.10, 00:00:13, Serial1/1
R       50.0.0.0 [120/1] via 11.0.0.10, 00:00:13, Serial1/1

Now let's create VRF BA for site B.

R4(config)#ip vrf BA
R4(config-vrf)#rd 605:605
R4(config-vrf)#route-target export 600:600
R4(config-vrf)#route-target export 600:605
R4(config-vrf)#route-target import 800:800
R4(config-vrf)#route-target import 500:506

R4(config)#int s1/2
R4(config-if)#ip vrf forwarding BA
R4(config-if)#ip add 11.0.0.13 255.255.255.252

I am going to run OSPF as the PE-CE routing protocol.

R4(config)#router ospf 10 vrf BA
R4(config-router)#network 11.0.0.12 0.0.0.3 area 0

R6(config)#router ospf 1
R6(config-router)#net 11.0.0.12 0.0.0.3 a 0
R6(config-router)#net 60.0.0.0 0.0.0.255 a 0

Let's check the OSPF neighborship.

R4#sh ip ospf 10 ne
Neighbor ID     Pri   State           Dead Time   Address         Interface
60.2.2.1          0   FULL/  -        00:00:38    11.0.0.14       Serial1/2

That's it. Since we have designed the VRF export and import correctly, just redistributing between the protocols will make everything work. Let's configure and check it.
 
R1(config)#router eigrp 1
R1(config-router)#add
R1(config-router)#address-family v
R1(config-router)#address-family i
R1(config-router)#address-family ipv4 v
R1(config-router)#address-family ipv4 vrf B
R1(config-router-af)#red
R1(config-router-af)#redistribute bg
R1(config-router-af)#redistribute bgp 100
R1(config-router-af)#exi
R1(config-router)#exi
R1(config)#router bgp 100
R1(config-router)#add
R1(config-router)#address-family ipv
R1(config-router)#address-family ipv4 vr
R1(config-router)#address-family ipv4 vrf B
R1(config-router-af)#red
R1(config-router-af)#redistribute ei
R1(config-router-af)#redistribute eigrp 10 ?
  metric     Metric for redistributed routes
  route-map  Route map reference
  <cr>

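R1(config-router-af)#redistribute eigrp 10
R1(config-router-af)#exi
R1(config-router)#exi
R1(config)#router eigrp 1
R1(config-router)#address-family ipv4 vrf B
R1(config-router-af)#redistribute bgp 100 metric 1 1 1 1 1
R1(config-router-af)#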


R4(config)#router rip
R4(config-router)#add
R4(config-router)#address-family ipv
R4(config-router)#address-family ipv4 v
R4(config-router)#address-family ipv4 vrf AB
R4(config-router-af)#red
R4(config-router-af)#redistribute bg
R4(config-router-af)#redistribute bgp 100 ?
  metric     Metric for redistributed routes
  route-map  Route map reference
  <cr>

R4(config-router-af)#redistribute bgp 100
R4(config-router-af)#exi
R4(config-router)#exi
R4(config)#router bgp 100
R4(config-router)#add
R4(config-router)#address-family ipv
R4(config-router)#address-family ipv4 vr
R4(config-router)#address-family ipv4 vrf AB
R4(config-router-af)#red
R4(config-router-af)#redistribute ri
R4(config-router-af)#redistribute rip me
R4(config-router-af)#redistribute rip metric 5
R4(config-router-af)#^Z
R4#
R4#
R4#con
*Feb 19 08:43:22.923: %SYS-5-CONFIG_I: Configured from console by console
R4#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R4(config)#router ospf 10 vrf BA
R4(config-router)#red
R4(config-router)#redistribute bgp
R4(config-router)#redistribute bgp 10
BGP is already running; AS is 100
R4(config-router)#redistribute bgp 100 su
R4(config-router)#redistribute bgp 100 subnets
R4(config-router)#exi
R4(config)#router bgp 100
R4(config-router)#add
R4(config-router)#address-family ipv
R4(config-router)#address-family ipv4 v
R4(config-router)#address-family ipv4 vrf BA
R4(config-router-af)#red
R4(config-router-af)#redistribute os
R4(config-router-af)#redistribute ospf 10 ?
  match      Redistribution of OSPF routes
  metric     Metric for redistributed routes
  route-map  Route map reference
  vrf        VPN Routing/Forwarding Instance
  <cr>

R4(config-router-af)#redistribute ospf 10

That's it. Let's check the routing tables for the final verification.


R5#sh ip route rip
     70.0.0.0/24 is subnetted, 1 subnets
R       70.0.0.0 [120/5] via 11.0.0.9, 00:00:26, Serial1/0
     11.0.0.0/30 is subnetted, 2 subnets
R       11.0.0.12 [120/5] via 11.0.0.9, 00:00:26, Serial1/0
     60.0.0.0/32 is subnetted, 1 subnets
R       60.0.0.1 [120/5] via 11.0.0.9, 00:00:26, Serial1/0
R5#

R6#sh ip route ospf
     50.0.0.0/24 is subnetted, 3 subnets
O E2    50.2.2.0 [110/5] via 11.0.0.13, 00:06:05, Serial1/0
O E2    50.1.1.0 [110/5] via 11.0.0.13, 00:06:05, Serial1/0
O E2    50.0.0.0 [110/5] via 11.0.0.13, 00:06:05, Serial1/0
     80.0.0.0/24 is subnetted, 1 subnets
O E2    80.0.0.0 [110/2297856] via 11.0.0.13, 00:06:05, Serial1/0
     11.0.0.0/30 is subnetted, 3 subnets
O E2    11.0.0.8 [110/1] via 11.0.0.13, 00:06:05, Serial1/0
O E2    11.0.0.0 [110/1] via 11.0.0.13, 00:06:05, Serial1/0
R6#

R7#sh ip route bgp
     50.0.0.0/24 is subnetted, 3 subnets
B       50.2.2.0 [20/0] via 11.0.0.6, 00:06:35
B       50.1.1.0 [20/0] via 11.0.0.6, 00:06:35
B       50.0.0.0 [20/0] via 11.0.0.6, 00:06:35
     11.0.0.0/30 is subnetted, 2 subnets
B       11.0.0.8 [20/0] via 11.0.0.6, 00:06:35
R7#

R8#sh ip route eigrp
     11.0.0.0/30 is subnetted, 2 subnets
D EX    11.0.0.12 [170/2560512256] via 11.0.0.2, 00:03:52, Serial1/0
     60.0.0.0/32 is subnetted, 1 subnets
D EX    60.0.0.1 [170/2560512256] via 11.0.0.2, 00:03:52, Serial1/0
R8#
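
The isolation this design depends on (R7 and R8 never learn each other's or the other HQ's prefixes) can be checked off-box from the route-target lists alone. The following is an added example, not part of the original post: the route targets are copied from the VRF definitions above, while the `ALLOWED` policy and the function names are assumptions made for the illustration.

```python
from itertools import combinations

# Route-target policy transcribed from the VRF definitions on this page.
VRFS = {
    "A":  {"export": {"700:700"}, "import": {"500:500"}},   # R7 site, on R1
    "B":  {"export": {"800:800"}, "import": {"600:600"}},   # R8 site, on R1
    "AB": {"export": {"500:500", "500:506"},                # R5 HQ, on R4
           "import": {"700:700", "600:605"}},
    "BA": {"export": {"600:600", "600:605"},                # R6 HQ, on R4
           "import": {"800:800", "500:506"}},
}

def imports_from(vrfs):
    """For each VRF, the other VRFs whose export RTs match one of its import RTs."""
    return {dst: {src for src, s in vrfs.items()
                  if src != dst and s["export"] & d["import"]}
            for dst, d in vrfs.items()}

def two_way_pairs(vrfs):
    """Pairs that learn each other's routes, so traffic can flow both ways."""
    seen = imports_from(vrfs)
    return {frozenset((a, b)) for a, b in combinations(vrfs, 2)
            if a in seen[b] and b in seen[a]}

def audit(vrfs, allowed):
    """List violations: route leaks outside `allowed`, and allowed pairs
    that are missing at least one direction."""
    problems = []
    for dst, srcs in imports_from(vrfs).items():
        for src in sorted(srcs):
            if frozenset((src, dst)) not in allowed:
                problems.append(f"leak: {dst} imports routes of {src}")
    for pair in allowed - two_way_pairs(vrfs):
        problems.append("broken: " + "<->".join(sorted(pair)))
    return sorted(problems)

# Intended extranet policy (assumption of this example): each spoke reaches
# its own HQ, and the two HQs reach each other. Nothing else.
ALLOWED = {frozenset(p) for p in (("A", "AB"), ("B", "BA"), ("AB", "BA"))}

if __name__ == "__main__":
    print(imports_from(VRFS))
    print(audit(VRFS, ALLOWED) or "policy holds")
```

The result agrees with the tables above: R7 (VRF A) sees only the 50.x and 11.0.0.8 prefixes from AB, and R8 (VRF B) sees only the 60.0.0.1 and 11.0.0.12 prefixes from BA.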