+++++++++++++++++++++++++++++++++++++++++++++ 1. MPLS - A. Inter-VRF Communication B. VPNv6 2. QoS 3. Multicast Routing +++++++++++++++++++++++++++++++++++++++++++++ ************************************************* Lab 1 - Inter-VRF Communication (Route Leaking) ************************************************* ================================================================================ 1. Configure MPLS VPN to connect CUST-A & CUST-B to their own respective sites ================================================================================ --------------------------------------------- 1. SP Underlay IGP --------------------------------------------- ------ R1 ------ router isis net 49.0000.0000.0000.0001.00 is-type level-2 metric-style wide ! Interface E 0/0 ip router isis ! Interface loopback0 ip router isis ------ R2 ------ router isis net 49.0000.0000.0000.0002.00 is-type level-2 metric-style wide ! Interface E 0/0 ip router isis ! Interface E 0/1 ip router isis ! Interface loopback0 ip router isis ------ R3 ------ router isis net 49.0000.0000.0000.0003.00 is-type level-2 metric-style wide ! Interface E 0/0 ip router isis ! Interface E 0/1 ip router isis ! Interface loopback0 ip router isis ------ R4 ------ router isis net 49.0000.0000.0000.0004.00 is-type level-2 metric-style wide ! Interface E 0/0 ip router isis ! Interface loopback0 ip router isis --------------------------------------------- 2. Configure MPLS Unicast Routing using LDP --------------------------------------------- ------ R1 ------ mpls ldp router-id Loopback0 ! Interface E 0/0 mpls ip ------ R2 ------ mpls ldp router-id Loopback0 ! Interface E 0/0 mpls ip ! Interface E 0/1 mpls ip ------ R3 ------ mpls ldp router-id Loopback0 ! Interface E 0/0 mpls ip ! Interface E 0/1 mpls ip ------ R4 ------ mpls ldp router-id Loopback0 ! Interface E 0/0 mpls ip --------------------------------------------- 3. Configure MP-BGP between the PE Routers --------------------------------------------- ------ R1 ------ router bgp 1000 neighbor 4.4.4.4 remote-as 1000 neighbor 4.4.4.4 update-source loopback0 ! address-family vpnv4 neighbor 4.4.4.4 activate ------ R4 ------ router bgp 1000 neighbor 1.1.1.1 remote-as 1000 neighbor 1.1.1.1 update-source loopback0 ! address-family vpnv4 neighbor 1.1.1.1 activate ----------------------------------------------------------------------------- 4. Configure the PE Router (VRF Definition, PE-CE Interface, PE-CE Routing) ----------------------------------------------------------------------------- ----- R1 ----- ++++++++++++++++++ CUST-A ++++++++++++++++++ vrf definition CUST-A rd 1000:1 address-family ipv4 route-target both 1000:1 ! Interface E 0/1 vrf forwarding CUST-A ip address 192.1.15.1 255.255.255.0 no shut ! router bgp 1000 address-family ipv4 vrf CUST-A neighbor 192.1.15.5 remote-as 65005 ++++++++++++++++++ CUST-B ++++++++++++++++++ vrf definition CUST-B rd 1000:2 address-family ipv4 route-target both 1000:2 ! Interface E 0/2 vrf forwarding CUST-B ip address 192.1.16.1 255.255.255.0 no shut ! router bgp 1000 address-family ipv4 vrf CUST-B neighbor 192.1.16.6 remote-as 65006 ------ R4 ------ ++++++++++++++++++ CUST-A ++++++++++++++++++ vrf definition CUST-A rd 1000:1 address-family ipv4 route-target both 1000:1 ! Interface E 0/2 vrf forwarding CUST-A ip address 192.1.48.4 255.255.255.0 no shut ! router bgp 1000 address-family ipv4 vrf CUST-A neighbor 192.1.48.8 remote-as 65008 ++++++++++++++++++ CUST-B ++++++++++++++++++ vrf definition CUST-B rd 1000:2 address-family ipv4 route-target both 1000:2 ! Interface E 0/1 vrf forwarding CUST-B ip address 192.1.47.4 255.255.255.0 no shut ! router bgp 1000 address-family ipv4 vrf CUST-B neighbor 192.1.47.7 remote-as 65007 ----------------------------------------------------------------------------- 5. Configure the CE Router ----------------------------------------------------------------------------- ----- R5 ----- router bgp 65005 network 10.1.1.0 mask 255.255.255.0 network 10.5.5.0 mask 255.255.255.0 neighbor 192.1.15.1 remote-as 1000 ----- R6 ----- router bgp 65006 network 10.1.1.0 mask 255.255.255.0 network 10.6.6.0 mask 255.255.255.0 neighbor 192.1.16.1 remote-as 1000 ----- R7 ----- router bgp 65007 network 10.2.2.0 mask 255.255.255.0 network 10.7.7.0 mask 255.255.255.0 neighbor 192.1.47.4 remote-as 1000 ----- R8 ----- router bgp 65008 network 10.2.2.0 mask 255.255.255.0 network 10.8.8.0 mask 255.255.255.0 neighbor 192.1.48.4 remote-as 1000 ================================================================================ 2. Configure Inter-VRF Communications between CUST-A & CUST-B ================================================================================ --------------------------------------------------------------------------------- 1. Configure the specific network with Common RT values and import them mutually --------------------------------------------------------------------------------- ----- R1 ----- ++++++++++++++++++++++++++++++++++ Configure the ACLs ++++++++++++++++++++++++++++++++++ access-list 1 permit 10.5.5.0 0.0.0.255 ! access-list 2 permit 10.6.6.0 0.0.0.255 ++++++++++++++++++++++++++++++++++ Set the Common RT based on the ACL ++++++++++++++++++++++++++++++++++ route-map EM-CUST-A match ip address 1 set extcommunity rt 1000:99 ! route-map EM-CUST-B match ip address 2 set extcommunity rt 1000:99 +++++++++++++++++++++++++++++++++++++++++ Configure the VRF to use the Export Map +++++++++++++++++++++++++++++++++++++++++ vrf definition CUST-A address-family ipv4 export map EM-CUST-A ! vrf definition CUST-B address-family ipv4 export map EM-CUST-B +++++++++++++++++++++++++++++++++++++++++++++++ Configure the VRF to use Import the Common RT +++++++++++++++++++++++++++++++++++++++++++++++ vrf definition CUST-A address-family ipv4 route-target import 1000:99 ! vrf definition CUST-B address-family ipv4 route-target import 1000:99 ----- R4 ----- ++++++++++++++++++++++++++++++++++ Configure the ACLs ++++++++++++++++++++++++++++++++++ access-list 1 permit 10.8.8.0 0.0.0.255 ! access-list 2 permit 10.7.7.0 0.0.0.255 ++++++++++++++++++++++++++++++++++ Set the Common RT based on the ACL ++++++++++++++++++++++++++++++++++ route-map EM-CUST-A match ip address 1 set extcommunity rt 1000:99 ! route-map EM-CUST-B match ip address 2 set extcommunity rt 1000:99 +++++++++++++++++++++++++++++++++++++++++ Configure the VRF to use the Export Map +++++++++++++++++++++++++++++++++++++++++ vrf definition CUST-A address-family ipv4 export map EM-CUST-A ! vrf definition CUST-B address-family ipv4 export map EM-CUST-B +++++++++++++++++++++++++++++++++++++++++++++++ Configure the VRF to use Import the Common RT +++++++++++++++++++++++++++++++++++++++++++++++ vrf definition CUST-A address-family ipv4 route-target import 1000:99 ! vrf definition CUST-B address-family ipv4 route-target import 1000:99 ************************************************* Lab 2 - Configuring VPNv6 ************************************************* ------------ Full Config ------------ 1. SP Core - IGP (IPv4) - Done 2. LDP - Based on IPv4 IGP - Done 3. Configure MP-BGP - Address-family VPNv6 4. Configure the PE VRF - Address-family IPv6 5. Configure the CE Router for IPv6 --------------------------------- 1. SP Core - IGP (IPv4) - Done --------------------------------- --------------------------------- 2. LDP - Based on IPv4 IGP - Done --------------------------------- -------------------------------------------- 3. Configure MP-BGP - Address-family VPNv6 -------------------------------------------- ---- R1 ---- ipv6 unicast-routing ! router bgp 1000 neighbor 4.4.4.4 remote-as 1000 neighbor 4.4.4.4 update-source loopback0 ! address-family vpnv6 neighbor 4.4.4.4 activate ---- R4 ---- ipv6 unicast-routing ! router bgp 1000 neighbor 1.1.1.1 remote-as 1000 neighbor 1.1.1.1 update-source loopback0 ! address-family vpnv6 neighbor 1.1.1.1 activate ----------------------------------------------- 4. Configure the PE VRF - Address-family IPv6 ----------------------------------------------- ---- R1 ---- vrf definition CUST-A address-family ipv6 route-target both 1000:1 ! Interface E 0/1 ipv6 address FC00:192:1:15::1/64 ! router bgp 1000 address-family ipv6 vrf CUST-A neighbor FC00:192:1:15::5 remote-as 65005 neighbor FC00:192:1:15::5 activate ---- R4 ---- vrf definition CUST-A address-family ipv6 route-target both 1000:1 ! Interface E 0/2 ipv6 address FC00:192:1:48::4/64 ! router bgp 1000 address-family ipv6 vrf CUST-A neighbor FC00:192:1:48::8 remote-as 65008 neighbor FC00:192:1:48::8 activate ----------------------------------------------- 5. Configure the CE - Address-family IPv6 ----------------------------------------------- ----- R5 ----- Ipv6 unicast-routing ! Interface loopback0 ipv6 address fc00:10:5:5::5/64 ! Interface loopback1 ipv6 address fc00:10:1:1::1/64 ! Interface E0/0 ipv6 address fc00:192:1:15::5/64 ! router bgp 65005 ! address-family ipv6 neighbor fc00:192:1:15::1 remote-as 1000 neighbor fc00:192:1:15::1 activate network fc00:10:1:1::/64 network fc00:10:5:5::/64 ----- R8 ----- Ipv6 unicast-routing ! Interface loopback0 ipv6 address fc00:10:8:8::8/64 ! Interface loopback1 ipv6 address fc00:10:2:2::2/64 ! Interface E0/0 ipv6 address fc00:192:1:48::8/64 ! router bgp 65008 ! address-family ipv6 neighbor fc00:192:1:48::4 remote-as 1000 neighbor fc00:192:1:48::4 activate network fc00:10:2:2::/64 network fc00:10:8:8::/64 ************************************************* Lab 3 - QoS - Policing ************************************************* Requirement: R1 would like to control the FTP & TFTP traffic going from R1 towards R2 to 2mbps. The exceeding traffic should be dropped ---- R1 ---- ! 1. Classify the Traffic access-list 101 permit tcp any any eq 20 access-list 101 permit tcp any any eq 21 access-list 101 permit udp any any eq 69 ! class-map CM-FTP match access-group 101 ! 2. Specify the Action policy-map PM-QOS class CM-FTP police 2000000 ! 3. Apply the Policy Map to the Interface Interface E 0/0 service-policy output PM-QOS ************************************************* Lab 4 - QoS - Shaping ************************************************* Requirement: R3 would like to send traffic from R3 towards R4 at a rate of 5mbps to conform to the average speed the SP is providing. ---- R3 ---- ! 1. Classify the Traffic access-list 101 permit ip any any ! class-map CM-ALL match access-group 101 ! 2. Specify the Action policy-map PM-QOS class CM-ALL shape average 5m ! 3. Apply the Policy Map to the Interface Interface E 0/0 service-policy output PM-QOS ************************************************* Lab 5 - QoS - Bandwidth Reservation ************************************************* Requirement: R4 would like to reserve bandwidth for 2 Business Criticial applications based on the following: Web Traffic - (TCP/80 or 443) - 20% DB Traffic - TCP/1521 - 25% ---- R4 ---- ! 1. Classify the Traffic access-list 101 permit tcp any any eq 80 access-list 101 permit tcp any any eq 443 ! access-list 102 permit tcp any any eq 1521 ! class-map CM-WEB match access-group 101 ! class-map CM-DB match access-group 102 ! 2. Specify the action policy-map PM-QOS class CM-WEB bandwidth percent 20 class CM-DB bandwidth percent 25 ! 3. Apply the Policy Map to the Interface Interface E 0/0 service-policy output PM-QOS ****************************************************** Lab 6 - QoS - Low Latency Queuing/Priority Queuing ****************************************************** Requirement: R4 would like to prioritize MGMT Traffic (SSH & Telnet). It should reserve 10% of the bandwidth ! 1. Classify the Traffic access-list 103 permit tcp any any eq 22 access-list 103 permit tcp any any eq 23 ! class-map CM-MGMT match access-group 103 ! 2. Specify the action policy-map PM-QOS class CM-MGMT priority percent 10 ****************************************************** Lab 7 - QoS - NBAR with Nesting ****************************************************** Requirement: R5 would like to reserve 20% of the interface bandwidth for traffic originating from 5.0.0.0/8 network towards either kbits.live or cisco.com. ! 1. Classify the Traffic access-list 101 permit ip 5.0.0.0 0.255.255.255 any ! class-map match-any CM-URLS match protocol http url "kbits.live" match protocol http url "cisco.com" ! class-map CM-EXECS match access-group 101 match class-map CM-URLS ! 2. Specify the action policy-map PM-QOS class CM-EXECS bandwidth percent 20 ! 3. Apply the Policy Map to the interface Interface E 0/1 service-policy output PM-QOS policy-map PM-QOS class CM-MGMT priority percent 10