case study - vsb.czwh.cs.vsb.cz/sps/images/a/a9/tps-casestudy-1516l.pdf · case study network...
Post on 07-Mar-2018
Student group 1
3 student groups,
9 students in lab in parallel
Internet IPv4 + IPv6
PEinet
Psp
Student group 2 Student group 3
Pwan
Gray devices are preconfigured
Service Provider’s MPLS/IPv4 core
IGP1 process 1 + LDP
+ router loopbacks
Corporate WAN MPLS/IPv4 core
IGP2 process 2 + LDP
+ router loopbacks
RSg1
PErr
AS 65001 Route Reflector
RSg2 RSg3
Rg1 Rg2 Rg3
Overview
RSg1
Student group g
Psp
Service Provider Core
Corporate WAN MPLS/IPv4 core
Interface Loopback 789
7.8.9.1/24, 2001:7:8:9::1/64
(simulates IPv4 and IPv6 Internet)
RSg2 RSg3
Pwan
Rg1 Rg3 Rg2
S0/1/0
S0/1/1
Fa0/0
PErr
AS 65001 Route Reflector
... ...
2x3 Serial + 3x Ethernet (4ESW module interface fa0/1-3 vlan 4091-4093)
PEinet
1.1.100.0/30
.1
.2
1.1.gr.0/30
.1
.2
2.2.gr.0/30
.2
.1
2.2.100.0/30
.2
.1
2x3 Serial + 3x Ethernet (4ESW module interface fa0/1-3 vlan 4091-4093)
fa0/0
fa0/0
lo1: 1.99.g.r/32
RID 1.0.g.r
lo1: 1.99.99.10/32
RID 1.99.99.10
lo1: 1.99.99.1/32
RID 1.99.99.1
lo1: 2.99.99.10/32
RID 2.99.99.10
lo1: 2.99.99.1/32
RID 2.99.99.1
RID 100.0.g.r
Physical Topology
Rg1
VRF A
VRF A
VRF B
VRF B BGP AS 651gr
RSg1
4.g.r.1/24 vlan gr20
3.g.r.1/24 vlan gr10
RD 65001:99gr1
RT export 65001:gr1
RD 65001:99gr2
RT export 65001:gr2
.1.1
.2.2
RD 65001:88gr1
RD 65001:88gr2
RID 100.0.g.r
RID 1.0.g.r
BGP AS 65001
Branch Office Infra
Global
2001:AAAA:gr00::/64
VLAN gr30
RD 65001:99gr3
RT export 65001:gr3
:1
:2
:1
VRF V6
Internet
PEinet
P
PE
AS 65001
EBGP,
MPLS
tunnel
Internet IC VLAN gr0
100.g.r.0/30
RSgx:
Internet in global routing table (IPv4)
interface vlan gr0
Lo 789
7.8.9.1/24
Lo1
1.99.99.1/32
Lo1
1.99.g.2/32
Lo1
1.99.g.3/32
Lo1
1.99.g.1/32
No traffic between Rg1-Rg3 via InternetGW: Rg1-Rg3 are in the same AS, so the EBGP loop prevention mechanism applies
AS 789
PE
AS 65001
PE
AS 65001
Static default route from VRF A via global
Static route from global to VRF A VLAN gr10
.1
.2
static 0/0
static to VRF A vlan gr10
RSg1 RSg2 RSg3
Rg1 Rg2 Rg3
Service Provider’s MPLS/IPv4 core
IGP1 process 1 + LDP
VRF A
Global
static gr10
0/0
BGP-free
Core
Rg1
VRF A
VRF A
VRF B
VRF B AS 651gr
RSg1
Rg2
VRF A
VRF A
VRF B
VRF B
RSg2
Rg3
VRF A
VRF A
VRF B
VRF B
RSg3
i/e
4.g.r.0/24
vlan gr20
3.g.r.0/24
vlan gr10
RD 65001:99gr1
RT export 65001:gr1
RD 65001:99gr2
RT export 65001:gr2
.1
.1
.2.2
RID 100.0.g.r
RID 0.1.g.r
PErr
Corporate WAN MPLS/IPv4 core
IGP2 process 2 + LDP
AS 65001 Pwan
Additional i/e between VPNs according to
parameters for student group
BGP Route Reflector
Lo1 2.99.99.1
IPv4 MPLS/VPN WAN
P
MPLS/IPv4 core
IGP1 process 1 + LDP
VLAN g16
Lo1
1.99.g.2/32
Lo1
1.99.g.3/32
Lo1
1.99.g.1/32
VRF A backup connectivity - RIPv2
RSg1 RSg2 RSg3
Rg1 Rg2 Rg3
VLAN g25
int vlan g25 30.g.12.2/30
PW ID g23
VLAN g15 VLAN g26
int vlan g26 30.g.23.1/30
VLAN g35 VLAN g36
int vlan g15 30.g.13.1/30
int vlan g16 30.g.12.1/30
int vlan g35 30.g.23.2/30
int vlan g36 30.g.13.2/30
VRF A VRF A VRF A
fa0/0.g15 fa0/0.g16 fa0/0.g25 fa0/0.g26 fa0/0.g35 fa0/0.g36
3.g.1.1/24 vlan g110 3.g.2.1/24 vlan g210 3.g.3.1/24 vlan g310
(Make the AD of routes learned via AToM worse if you also run RIPv2 as the VRF A MPLS/VPN PE-CE IGP, so that WANCore connectivity is always preferred)
BGP RR
VRF A
AToM VRF A Backup
Different VLAN IDs are bridged together – PVST+ BPDUs containing the VLAN # TLV need to be filtered out
P
MPLS/IPv4 core
IGP1 process 1 + LDP
VLAN g16
Lo1
1.99.g.2/32
Lo1
1.99.g.3/32
Lo1
1.99.g.1/32
VRF A backup connectivity - RIPv2
RSg1 RSg2 RSg3
Rg1 Rg2 Rg3
VLAN g25
int vlan g25 30.g.12.2/30
PW ID g23
VLAN g15 VLAN g26
int vlan g26 30.g.23.1/30
VLAN g35 VLAN g36
int vlan g15 30.g.13.1/30
int vlan g16 30.g.12.1/30
int vlan g35 30.g.23.2/30
int vlan g36 30.g.13.2/30
VRF T VRF T VRF T
fa0/0.g16 fa0/0.g25 fa0/0.g26 fa0/0.g35 fa0/0.g36
VRF A VRF A VRF A
3.g.1.1/24 vlan g110 3.g.2.1/24 vlan g210 3.g.3.1/24 vlan g310
i/e i/e i/e
VRF T:
RD 65001:88gr4
RT export 65001:8gr4
VRF A:
RT export 65001:8gr1
VRF A
BGP RR
fa0/0.g15
AToM VRF A Backup – via VRF T
Lo1
1.99.g.2/32
Lo1
1.99.g.3/32
Lo1
1.99.g.1/32
RSg1 RSg2 RSg3
Rg1 Rg2 Rg3
Service Provider’s MPLS/IPv4 core
Tun12 111.g.12.2/30
Tun23 111.g.23.1/30
Tun12 111.g.12.1/30
Tun13 111.g.13.1/30
VRF B
4.g.r.0/24
VRF B VRF B
VRF B VRF B VRF B
RIPv2
Tun23 111.g.23.2/30
Tun13 111.g.13.2/30
IKE phase 1: authentication pre-shared key: g, DES, MD5
IKE phase 2: ESP AES, SHA1
Redistribute BGP->RIP only local server subnet;
Redistribute RIP->BGP: set community tag
filter vpnv4 routes from Rgx to BGP RR based on tag
Set weight >32768 for all BGP routes from BGP RR to override "locally-originated" routes injected from RIP->BGP redistribution
BGP RR
IPv4 IPSec/GRE VRF B Backup
Lo1
1.99.g.2/32
Lo1
1.99.g.3/32
Lo1
1.99.g.1/32
RSg1 RSg2 RSg3
Rg1 Rg2 Rg3
Service Provider’s MPLS/IPv4 core
VRF B
4.g.r.0/24
VRF B VRF B
VRF B VRF B VRF B
RIPv2
IKE phase 1: authentication pre-shared key: g, DES, MD5
IKE phase 2: ESP AES, SHA1
Redistribute BGP->RIP only local server subnet;
Redistribute RIP->BGP: set community tag
filter vpnv4 routes from Rgx to BGP RR based on tag
Set weight >32768 for all BGP routes from BGP RR to override "locally-originated" routes injected from RIP->BGP redistribution
BGP RR
IPv4 DMVPN VRF B Backup
DMVPN Spoke
tun100 112.g.0.1/24
multipoint
DMVPN Spoke
tun100 112.g.0.3/24
multipoint
DMVPN Hub
tun100 112.g.0.2/24
multipoint
802.1q
Internet
Internet
GW
P
802.1q 802.1q
PE
AS 65001
EBGP,
MPLS
tunnel
Internet IC VLAN gr0
2001:100:g:r::1/64
Internet in global routing table (IPv6)
interface vlan gr0
Lo 789
2001:7:8:9::1/64
Lo1
1.99.99.1/32
Lo1
1.99.g.2/32
Lo1
1.99.g.3/32
Lo1
1.99.g.1/32
No direct connection between Rg1-Rg3 – BGP next hop changed on InternetGW
No traffic between Rg1-Rg3 via InternetGW: Rg1-Rg3 are in the same AS (BGP loop prevention mechanism applies)
AS 789
PE
AS 65001
PE
AS 65001
:1
:2
static ::0
RSg1 RSg2 RSg3
Rg1 Rg2 Rg3
Service Provider’s MPLS/IPv4 core
IGP1 process 1 + LDP
IPv6: local segments 2001:AAAA:gr00::/64 VLAN gr30
6PE
Rg1
Global
VRF V6
RSg1
Rg2
VRF V6
Global
RSg2
Rg3
VRF V6
Global
RSg3
2001:AAAA:gr00::/64
VLAN gr30
RD 65001:99gr3
RT export 65001:gr3
:1
:2
Corporate WAN MPLS/IPv4 core
IGP2 process 2 + LDP
AS 65001
P
:1
PErr
BGP Route Reflector
Lo1 2.99.99.1
6VPE over WANCore
::/0
Lo1
1.99.g.2/32
Lo1
1.99.g.3/32
Lo1
1.99.g.1/32
Rg1 Rg2 Rg3
Service Provider’s MPLS/IPv4 core
tun200
multipoint
tun200
multipoint
tun200
multipoint
VRF V6 VRF V6 VRF V6
Use 1.99.x.x/32 loopbacks for tunnel source/destination
6to4:
interface tunnel200
tunnel mode ipv6ip 6to4
ipv6 address 2002:<Lo1IP>:cccc::1/64
…
ipv6 route 2001:aaaa:gr00::/64 2002:<Lo1IP>:cccc::1
6to4
2001:AAAA:gr00::/64
VLAN gr30
RSg1
::/0
PEinet
Lo 789
2001:7:8:9::1/64
Tun200 multipoint
2002:0163:6301:cccc::1/64
static to VLAN gr30
static routes not preconfigured here
Lo1
1.99.g.2/32
Lo1
1.99.g.3/32
Lo1
1.99.g.1/32
Rg1 Rg2 Rg3
Service Provider’s MPLS/IPv4 core
Tun 202 multipoint
VRF V6 VRF V6 VRF V6
Use 1.99.x.x/32 loopbacks for tunnel source/destination
ISATAP:
interface tunnel202
tunnel mode ipv6ip isatap
ipv6 address 2001:EEEE::/64 eui-64
…
ipv6 route 2001:aaaa:gr00::/64 2001:EEEE::5EFE:<LoIP>
ISATAP
2001:AAAA:gr00::/64
VLAN gr30
RSg1
::/0
PEinet
Lo 789
2001:7:8:9::1/64
Tun202 multipoint
static to VLAN gr30
Tun 202 multipoint Tun 202 multipoint
static routes not preconfigured here
site prefix 2001:EEEE::/32
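Added example (not part of the original slides): how the <Lo1IP> / <LoIP> placeholders in the 6to4 and ISATAP templates above expand into real addresses, and which IPv4 tunnel destination a router derives from such a next hop. It reproduces the slide's own 2002:0163:6301:cccc::1 for PEinet's 1.99.99.1. The function names, and reading "gr" in 2001:AAAA:gr00::/64 as digit g followed by digit r, are assumptions.

```python
import ipaddress

def lab_loopback(g, r):
    # Addressing scheme from the slides: lo1 = 1.99.g.r/32 (PEinet uses 1.99.99.1)
    return ipaddress.IPv4Address(f"1.99.{g}.{r}")

def sixtofour_addr(lo1, subnet=0xCCCC, host=1):
    # 2002:<Lo1IP>:cccc::1 = 16-bit 2002, 32-bit IPv4, 16-bit subnet, 64-bit host part
    v4 = int(ipaddress.IPv4Address(lo1))
    return ipaddress.IPv6Address((0x2002 << 112) | (v4 << 80) | (subnet << 64) | host)

def isatap_addr(lo1, prefix="2001:EEEE::/64"):
    # <prefix>::5EFE:<LoIP> = interface ID 0000:5EFE followed by the 32-bit IPv4 address
    net = ipaddress.IPv6Network(prefix)
    v4 = int(ipaddress.IPv4Address(lo1))
    return ipaddress.IPv6Address(int(net.network_address) | (0x5EFE << 32) | v4)

def tunnel_endpoint(next_hop):
    # IPv4 destination an automatic tunnel extracts from an IPv6 next hop;
    # None means the address embeds no IPv4 endpoint, so the tunnel cannot forward to it.
    addr = ipaddress.IPv6Address(next_hop)
    if addr.sixtofour is not None:                      # 2002::/16
        return addr.sixtofour
    if (int(addr) >> 32) & 0xFFFFFFFF == 0x5EFE:        # ISATAP interface ID 0000:5EFE:a.b.c.d
        return ipaddress.IPv4Address(int(addr) & 0xFFFFFFFF)
    return None

def static_route(g, r, mode="6to4"):
    # Assumption: "gr" in 2001:AAAA:gr00::/64 is the digit g followed by the digit r.
    lo1 = lab_loopback(g, r)
    next_hop = sixtofour_addr(lo1) if mode == "6to4" else isatap_addr(lo1)
    return f"ipv6 route 2001:AAAA:{g}{r}00::/64 {next_hop}"

if __name__ == "__main__":
    # PEinet's tunnel address, as printed on the 6to4 slide (zero-compressed form)
    print(sixtofour_addr("1.99.99.1"))
    # Routes PEinet would need toward each router of a constructed group g=1
    for r in (1, 2, 3):
        for mode in ("6to4", "isatap"):
            route = static_route(1, r, mode)
            print(route, "-> tunnel dst", tunnel_endpoint(route.split()[-1]))
```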