cc/td/doc/product/rtrmgmt/vpnsc/mpls/1_2
hometocprevnextglossaryfeedbacksearchhelp
PDF

Table of Contents

VPN Solutions Center Configuration File Examples

VPN Solutions Center Configuration File Examples

This chapter provides several examples of configuration files used to provision VPN Solutions Center: MPLS Solution, Release 1.2. The IP addresses and network device names included in these examples are generic and are not intended to be used in your network.

Tips When using these configuration file examples in live networks, be sure to substitute the appropriate IP addresses for the ones used in these examples.

The following configuration files are included in this appendix:

CEs Configured as Hubs in the VPN

This configuration file provides an example of CEs configured as hubs in the VPN. In this example, a unique route distinguisher (RD) value is provisioned for each VRF.

!!
!! Topology:
!!
!! CE1---PE==PE1---CE2
!
!! --------------------------------
!! Provider Edge router PE is a member of the Blue VPN without 
!! Management VPN connectivity.
!! CE1 is provisioned as a hub in the Blue VPN.
!
! Hostname: PE
!
! Version 12.0
!
!! Provisioned routing forwarding instance for Blue VPN—vrf V9:blue
!! Route target 200:5 is used for hub-to-hub routing connectivity.
!! Route-target 200:6 is used for spoke routing connectivity.
!! Unique RD per VRF provisioned. Provisioned RD does not equal the RD on PE1.
!
ip vrf V6:blue
rd 200:6
route-target import 200:5
route-target import 200:6
route-target export 200:5
!
!! The subinterface on the PE faces the CE. The address is from the VPNSC 
!! IP address Pool.
!
interface Serial2/3.333 point-to-point
description Serial2/3.333 fr dlci=333 : Provisioned by VPNSC: Service Request Id# = 14
ip vrf forwarding V6:blue
ip address 11.10.10.17 255.255.255.252
frame-relay interface-dlci 333 
no shutdown
!
!! The routing protocol for the PE-to-CE link is RIP.
!! Definition for a RIP routing instance for VRF Blue.
!! Routes from the IBGP core that are associated with route-targets 200:5 or 200:6 
!! are redistributed into RIP.
!
router rip
address-family ipv4 vrf V6:blue
redistribute bgp 200 metric transparent
network 209.165.201.0
exit-address-family
no auto-summary
version  2
!
!! Definition for the core-facing IBGP routing protocol routing instance for VRF Blue 
!! VRF blue RIP routes are redistributed into the IBGP core.
!! Exported RIP routes are associated with route target 200:5.
!
router bgp 200
address-family ipv4 vrf V6:blue
redistribute rip
exit-address-family
!
!! --------------------------------
!! Customer Edge router CE1 is provisioned as a hub in the Blue VPN.
!
! Hostname: CE1
!
! Version 12.0
!
interface Serial0
encapsulation frame-relay
!
!! The subinterface on the CE is facing the PE. The IP address is from the VPNSC Pool.
!
interface Serial0.333 point-to-point
description Serial0.333 fr dlci=333 : Provisioned By VPNSC: Service Request Id# = 14
ip address 209.165.201.21 255.255.255.224
frame-relay interface-dlci 333 
no shutdown
!
!! The routing protocol for the PE-to-CE1 link is RIP.
!
router rip
network 209.165.201.0
no auto-summary
version  2
!
!! --------------------------------
!! Provider Edge router PE1 is a member of the Blue VPN without 
!! Management VPN connectivity.
!
! Hostname: PE1
!
! Version 12.0
!
!! Provisioned routing forwarding instance for Blue VPN—vrf V9:blue
!! Route target 200:5 is used for hub-to-hub routing connectivity.
!! Route-target 200:6 is used for spoke routing connectivity.
!! Unique RD per VRF is provisioned, thus, the RD does not equal the RD on the PE.
!
ip vrf V9:blue
rd 200:9
route-target import 200:5
route-target import 200:6
route-target export 200:5
!
!! The subinterface on the PE is facing the CE. The IP address is from the VPNSC Pool.
!
interface Serial2/0.334 point-to-point
description Serial2/0.334 fr dlci=334 : Provisioned by VPNSC: Service Request Id# = 15
ip vrf forwarding V9:blue
ip address 209.165.201.20 255.255.255.224
frame-relay interface-dlci 334 
no shutdown
!
!! The routing protocol for the PE-to-CE link is RIP.
!! Definition for a RIP routing instance for VRF Blue.
!! Routes associated with route-targets from the BGP core that are associated 
!! with route-targets 200:5 or 200:6 are redistributed into RIP.
!
router rip
address-family ipv4 vrf V9:blue
redistribute bgp 200 metric transparent
network 209.165.201.0
exit-address-family
no auto-summary
version  2
!
!! Definition for the core-facing IBGP routing protocol routing instance for VRF Blue.
!! VRF Blue RIP routes are redistributed into the IBGP core.
!! Exported RIP routes are associated with route target 200:5.
!
router bgp 200
address-family ipv4 vrf V9:blue
redistribute rip
exit-address-family
!
!! --------------------------------
!! Customer Edge router CE2 is provisioned as a hub in the Blue VPN.
!
! Hostname: CE2
!
! Version 12.0
!
!! The subinterface on the CE is facing the PE. The IP address is from the VPNSC Pool.
!
interface Serial0.334 point-to-point
description Serial0.334 fr dlci=334 : Provisioned by VPNSC: Service Request Id# = 15
ip address 209.165.201.22 255.255.255.224
frame-relay interface-dlci 334 
no shutdown
!
!! The routing protocol for the PE1-to-CE2 link is RIP.
!
router rip
network 209.165.201.0
no auto-summary
version  2

Sample Hub-and-Spoke Topology

This configuration file shows a sample hub-and-spoke topology with three CEs. CE1 is a hub in the VPN; CE2 and CE3 are spokes in the same VPN. An -s appended to the VRF name indicates that the VRF is associated with spoke connectivity. The VRF naming and the RD/RT allocation would not change if one or more PEs are employed.

!! Topology:
!!
!! CE1---PE---CE2
!!        |
!! CE3----
!!
!! This configuration would not change if the CEs were attached to the same 
!! or different PEs.
!
!! --------------------------------
!! Provider Edge router: the PE is a member of the Blue VPN without 
!! Management VPN connectivity.
!! CE1 is provisioned as a hub; CE2 and CE3 are provisioned as spokes in the Blue VPN.
!
!Hostname: PE
!
! Version 12.0
!
!! Provisioned routing forwarding instance for Blue VPN—vrf V6:blue 
!! for CE1 hub connectivity.
!! Route target 200:5 is used for hub-to-hub routing connectivity.
!! Route-target 200:6 is used for spoke routing connectivity.
!
ip vrf V6:blue
rd 200:6
route-target import 200:5
route-target import 200:6
route-target export 200:5
!
!! Provisioned routing forwarding instance for Blue VPN—vrf V7:blue-s 
!! for CE2 spoke connectivity.
!! The "-s" appended to the VRF name indicates that this VRF is associated with 
!! spoke connectivity.
!! Route target 200:5 is used for hub routing connectivity.
!! Route-target 200:6 is used for spoke routing connectivity.
!
ip vrf V7:blue-s
rd 200:7
route-target import 200:5
route-target export 200:6
!
!! Provisioned routing forwarding instance for Blue VPN—vrf V8:blue-s 
!! for CE2 spoke connectivity.
!! The "-s" indicates that this VRF is associated with spoke connectivity.
!! Route target 200:5 is used for hub routing connectivity.
!! Route-target 200:6 is used for spoke routing connectivity.
!
ip vrf V8:blue-s
rd 200:8
route-target import 200:5
route-target export 200:6
!
!! The subinterface on the PE faces CE1; the address is from the VPNSC IP address Pool.
!
interface Serial2/0.122 point-to-point
description Serial2/0.122 fr dlci=122 : Provisioned by VPNSC: Service Request Id# = 11
ip vrf forwarding V6:blue
ip address 209.165.201.1 255.255.255.224
frame-relay interface-dlci 122 
no shutdown
!
!! The subinterface on the PE faces CE2; the address is from the VPNSC IP address pool.
!
interface Serial2/1.123 point-to-point
description Serial2/1.123 fr dlci=123 : Provisioned by VPNSC: Service Request Id# = 12
ip vrf forwarding V7:blue-s
ip address 209.165.201.2 255.255.255.224
frame-relay interface-dlci 123 
no shutdown
!
!! The subinterface on the PE faces CE3; the address is from the VPNSC IP address pool.
!
interface Serial2/2.124 point-to-point
description Serial2/2.124 fr dlci=124 : Provisioned by VPNSC: Service Request Id# = 13
ip vrf forwarding V8:blue-s
ip address 209.165.201.3 255.255.255.224
frame-relay interface-dlci 124 
no shutdown
!
!! The routing protocol is RIP on the PE-to-CE link.
!!
router rip
!
!! Definition for RIP routing instance for VPN Blue.
!! Routes from the IBGP core that are associated with route-targets 200:5 or 200:6 
!! are redistributed into RIP.
!! Provides hub VRF definition.
!
address-family ipv4 vrf V6:blue
redistribute bgp 200 metric transparent
network 209.165.201.0
exit-address-family
!
!! Definition for RIP routing instance for VRF Blue-s (spoke)
!! Routes from the IBGP core that are associated with route-targets 200:5 
!! are redistributed into RIP.
!!
address-family ipv4 vrf V7:blue-s
redistribute bgp 200 metric transparent
network 209.165.201.0
!
router rip
address-family ipv4 vrf V8:blue-s
redistribute bgp 200 metric transparent
network 209.165.201.0
exit-address-family
!
no auto-summary
version  2
!
!! Definition for the core-facing IBGP routing protocol routing instance for VRF Blue.
!! VRF Blue RIP routes are redistributed into the IBGP core.
!
router bgp 200
!
!! Exported RIP routes are associated with route target 200:5.
!
address-family ipv4 vrf V6:blue
redistribute rip
exit-address-family
!
!! Exported RIP routes are associated with route target 200:6.
!
address-family ipv4 vrf V7:blue-s
redistribute rip
exit-address-family
!
!! Exported RIP routes are associated with route target 200:6.
!
address-family ipv4 vrf V8:blue-s
redistribute rip
exit-address-family
!
!! --------------------------------
!! Customer Edge router CE1 is provisioned as a hub in the Blue VPN.
!
! Hostname: CE1
!
! Version 12.0
!
!! The CE subinterface faces the PE; the address is from the VPNSC IP address pool.
!
interface Serial0
encapsulation frame-relay
!
interface Serial0.122 point-to-point
description Serial0.122 fr dlci=122 : Provisioned by VPNSC: Service Request Id# = 11
ip address 209.165.201.4 255.255.255.224
frame-relay interface-dlci 122 
no shutdown
!
!! The routing protocol for the PE-to-CE1 link is RIP.
!! Provides optional redistribution of the customer routing protocol EIGRP into the VPN.
!
router rip
network 209.165.201.0
redistribute eigrp 11 metric 1
no auto-summary
version  2
!
router eigrp 11
redistribute rip metric 1544 2000 255 1 1500
!
!! --------------------------------
!! Customer Edge router CE2 is provisioned as a spoke in the Blue VPN.
!
! Hostname: CE2
!
! Version 12.0
!
!! The CE subinterface faces the PE; the address is from the VPNSC IP address pool.
!
interface Serial0.123 point-to-point
description Serial0.123 fr dlci=123 : Provisioned by VPNSC: Service Request Id# = 12
ip address 209.165.201.5 255.255.255.224
frame-relay interface-dlci 123 
no shutdown
!
!! The routing protocol for the PE-to-CE2 link is RIP.
!
router rip
network 209.165.201.0
no auto-summary
version  2
!
!! --------------------------------
!! Customer Edge router CE3 is provisioned as a spoke in the Blue VPN.
!!
! Hostname: CE3
!
! Version 12.0
!
!! The subinterface on the CE is facing the PE, the IP address is from the VPNSC Pool.
!
interface Serial0.124 point-to-point
description Serial0.124 fr dlci=124 : Provisioned By VPNSC: Service Request Id# = 13
ip address 209.165.201.6 255.255.255.224
frame-relay interface-dlci 124 
no shutdown
!
!! The routing protocol for the PE-to-CE3 link is RIP.
!
router rip
network 209.165.201.0
no auto-summary
version  2

Management VPN Configuration Example

This configuration file provides an example of provisioning a Management VPN, as well as provisioning the Management CE (MCE) and Management PE (MPE). For related information, see the "Provisioning a Management VPN" section and the "Management VPN Technique" section.

!! Topology:
!!
!! CE1---PE==MPE---MCE
!
!! --------------------------------
!! Provider Edge router: PE
!! CE1 is provisioned as a hub in the Blue VPN and as a spoke in the Management VPN.
!
! Hostname: PE
!
! Version 12.0
!
!! Provisioned routing forwarding instance for Blue VPN—vrf V6:blue.
!! The route-target 200:5 is for customer-hub connectivity.
!! The route-target 200:6 is for customer-spoke connectivity.
!! The route-target 200:1 is to import a route from the MCE into the VRF.
!! The export map exports only the PE-to-CE link subnet from the blue VRF.
!! The export map exports the management route-target 200:2 and exports the
!! Blue VPN target 200:5.
!! The CE attached to the Blue VPN is a spoke in the Management VPN.
!
ip vrf V6:blue
rd 200:6
route-target import 200:5
route-target import 200:6
route-target import 200:1
route-target export 200:5
export map grey_mgmt_vpn_VpnsRus_V6:blue
!
!! The subinterface on the PE faces CE1. The IP address is from the VPNSC Pool.
!
interface Serial2/1.555 point-to-point
description Serial2/1.555 fr dlci=555 : Provisioned by VPNSC: Service Request Id# = 16
ip vrf forwarding V6:blue
ip address 209.165.202.129 255.255.255.224
frame-relay interface-dlci 555 
no shutdown
!
!! The routing protocol for the PE-to-CE link is RIP.
!! Definition for a RIP routing instance for VRF Blue.
!! Routes from IBGP core that are associated with route-targets 200:5, or 200:6, 
!! or 200:1 are redistributed into RIP.
!
router rip
address-family ipv4 vrf V6:blue
redistribute bgp 200 metric transparent
network 209.165.202.128
exit-address-family
!
no auto-summary
version  2
!
!! Definition for the core-facing IBGP routing protocol routing instance for VRF Blue.
!! VRF Blue RIP routes are redistributed into the IBGP core.
!! Exported RIP routes are associated with route target 200:5 and 200:2.
!
router bgp 200
address-family ipv4 vrf V6:blue
redistribute rip
exit-address-family
!
!! The route map is used by the export map in the Blue VRF for filtering 
!! routes to the Management VPN.
!! The match matches the PE-to-CE subnet with access-list 1.
!! Route-targets for Management 200:2 and Blue VPN route-target 200:5 are exported.
!
route-map grey_mgmt_vpn_VpnsRus_V6:blue permit 10
match ip address 1 
set extcommunity rt 200:2
set extcommunity rt 200:5
!
access-list 1 permit 11.10.10.24 0.0.0.0
!
!! --------------------------------
!! Customer Edge router CE1 is provisioned as a hub in the Blue VPN 
!! and as a spoke in the Management VPN.
!
! Hostname: CE1
!
! Version 12.0
!
interface Serial0
encapsulation frame-relay
!
interface Serial0.555 point-to-point
description Serial0.555 fr dlci=555 : Provisioned By VPNSC: Service Request Id# = 16
ip address 209.165.200.225 255.255.255.224
frame-relay interface-dlci 555 
no shutdown
!
!! The routing protocol for the PE-to-CE1 link is RIP.
!
router rip
network 209.165.200.224
no auto-summary
version  2
!
!! --------------------------------
!! Management Provider Edge router: MPE 
!! The attached Management CE (MCE) is a hub in the Management VPN.
!
! Hostname: MPE
! Version 12.0
!
!! The Management VPN uses route-target 200:1 as a hub and route-target 200:2 as a spoke.
!
ip vrf grey_mgmt_vpn_VpnsRus
rd 200:1
route-target import 200:1
route-target import 200:2
route-target export 200:1
!
!! The subinterface on the MPE faces the MCE.
!
interface Serial1/3
ip vrf forwarding grey_mgmt_vpn_VpnsRus
ip address 209.165.201.30 255.255.255.224
!
!! The routing protocol for the MPE-to-MCE link is RIP.
!! (Cisco recommends that you use a dynamic routing protocol.)
!! Definition for RIP routing instance for the VRF Grey Management VPN.
!! Routes from IBGP core that are associated with route-targets 200:1
!! and 200:2 are redistributed into RIP.
!! The subnet from the PE to CE1 link is imported with route-target 200:2.
!
router rip
address-family ipv4 vrf grey_mgmt_vpn_VpnsRus
redistribute static metric 1
redistribute bgp 200 metric transparent
network 209.165.201.0
exit-address-family
!
!! Routes are exported into the BGP core from RIP; connected and static routes 
!! use route-target 200:1.
!
router bgp 200
address-family ipv4 vrf grey_mgmt_vpn_VpnsRus
redistribute rip
redistribute static
redistribute connected
exit-address-family
!
!! --------------------------------
!! Customer Edge router CE1 is provisioned as a hub in the Blue VPN.
!
! Hostname: MCE
!
! Version 12.0
!
interface Serial0
description Provisioned by VPNSC: Service Request Id# = 1
!
router rip
network 209.165.201.0
!
rtr responder

A CE Configured as a Member of an Extranet

This configuration includes three CEs—two CEs in different VPNs and one CE that is a member of an extranet. A VRF name appended with -etc indicates that the VRF is a member of an extranet.

!! Topology:
!
!! CE1---PE---CE2
!!        |
!! CE3----
!
!! CE1 is a hub in the Blue VPN.
!! CE2 is a hub in the Red VPN.
!! CE3 is a hub in both the Blue and Red VPNs (Extranet).
!!
!! This configuration would not change if the CEs are attached to the same 
!! or different PEs.
!
!! --------------------------------
!! Provider Edge router: PE 
!
! Hostname: PE
!
! Version 12.0
!
!! Provisioned routing forwarding instance for blue VPN—vrf V6:blue 
!! for CE1 hub connectivity.
!! Route target 200:5 is used for hub-to-hub routing connectivity.
!! Route-target 200:6 is used for spoke routing connectivity.
!
ip vrf V6:blue
rd 200:6
route-target import 200:5
route-target import 200:6
route-target export 200:5
!
!! Provisioned routing forwarding instance for Red VPN—vrf V10:red 
!! for CE2 hub connectivity.
!! Route target 200:3 is used for hub-to-hub routing connectivity.
!! Route-target 200:4 is used for spoke routing connectivity.
!
ip vrf V10:red
rd 200:10
route-target import 200:3
route-target import 200:4
route-target export 200:3
!
!! Provisioned routing forwarding instance for blue VPN—vrf V6:blue-etc 
!! for CE3 hub connectivity.
!! Route target 200:5 is used for hub-to-hub routing connectivity in the Blue VPN
!! Route-target 200:6 is used for spoke routing connectivity in the Blue VPN
!! Route target 200:3 is used for hub-to-hub routing connectivity in the Red VPN
!! Route-target 200:4 is used for spoke routing connectivity in the Red VPN
!! The VRF name with "-etc" indicates that the VRF is a member of an extranet.
!
ip vrf V11:blue-etc
rd 200:11
route-target import 200:3
route-target import 200:4
route-target import 200:5
route-target import 200:6
route-target export 200:3
route-target export 200:5
!
!! The subinterface on the PE is facing CE1; the IP address is from the VPNSC Pool.
!
interface Serial2/0.343 point-to-point
description Serial2/0.343 fr dlci=343 : Provisioned by VPNSC: Service Request Id# = 17
ip vrf forwarding V6:blue
ip address 209.165.200.230 255.255.255.224
frame-relay interface-dlci 343 
no shutdown
!
!! The subinterface on the PE is facing CE2; the IP address is from the VPNSC Pool.
!
interface Serial2/3.888 point-to-point
description Serial2/3.888 fr dlci=888 : Provisioned by VPNSC: Service Request Id# = 18
ip vrf forwarding V10:red
ip address 209.165.200.231 255.255.255.224
frame-relay interface-dlci 888 
no shutdown
!
!! The subinterface on the PE is facing CE3; the IP address is from the VPNSC Pool.
!
interface Serial2/5.777 point-to-point
description Serial2/5.777 fr dlci=777 : Provisioned by VPNSC: Service Request Id# = 19
ip vrf forwarding V11:blue-etc
ip address 209.165.200.232 255.255.255.224
frame-relay interface-dlci 777 
no shutdown
!
!! The routing protocol is RIP on the PE-to-CE link.
!
router rip
!
!! Definition for the RIP routing instance for the VPN Blue.
!! Routes from the IBGP core that are associated with route-targets 200:5 or 200:6 
!! are redistributed into RIP.
!! Hub VRF definition.
!
address-family ipv4 vrf V6:blue
redistribute bgp 200 metric transparent
network 209.165.200.224
exit-address-family
!
!! Definition for RIP routing instance for the VPN Red.
!! Routes from the IBGP core that are associated with route-targets 200:3 or 200:4 
!! are redistributed into RIP.
!! Provides hub VRF definition.
!
address-family ipv4 vrf V10:red
redistribute bgp 200 metric transparent
network 209.165.200.224
exit-address-family
!
!! Definition for RIP routing instance for the VRF in both the Red and Blue VPNs.
!! Routes from the IBGP core that are associated with route-targets 200:5, 200:6, 200:3, !! or 200:4 are redistributed into RIP.
!! Provides hub VRF definition.
!
address-family ipv4 vrf V11:blue-etc
redistribute bgp 200 metric transparent
network 209.165.200.224
exit-address-family
!
router bgp 200
!
!! Definition for the core-facing IBGP routing protocol routing instance for VRF Blue.
!! VRF Blue RIP routes are redistributed into the IBGP core.
!
address-family ipv4 vrf V6:blue
redistribute rip
exit-address-family
!
!! Definition of the core-facing IBGP routing protocol routing instance for the VRF Blue.
!! VRF Red RIP routes are redistributed into the IBGP core.
!
address-family ipv4 vrf V10:red
redistribute rip
exit-address-family
!
!! Core-facing IBGP routing protocol routing instance for the extranet VRF
!! VRF Red RIP routes are redistributed into the IBGP core
!
address-family ipv4 vrf V11:blue-etc
redistribute rip
exit-address-family
!
!! --------------------------------
!! Customer Edge router CE1 is provisioned as a hub in the Blue VPN.
! Hostname: CE1
!
! Version 12.0
!
interface Serial0
encapsulation frame-relay
!
interface Serial0.343 point-to-point
description Serial0.343 fr dlci=343 : Provisioned by VPNSC: Service Request Id# = 17
ip address 209.165.200.233 255.255.255.224
frame-relay interface-dlci 343 
no shutdown
!
router rip
network 209.165.200.224
no auto-summary
version  2
!
!! --------------------------------
!! Customer Edge router CE2 is provisioned as a hub in the Red VPN.
!
! Hostname: CE2
!
! Version 12.0
!
interface Serial0.888 point-to-point
description Serial0.888 fr dlci=888 : Provisioned by VPNSC: Service Request Id# = 18
ip address 209.165.200.234 255.255.255.224
frame-relay interface-dlci 888 
!
no shutdown
!
router rip
network 209.165.200.224
no auto-summary
version  2
!
!! --------------------------------
!! Customer Edge router CE3 is provisioned as a hub in the Red and Blue VPNs.
!
! Hostname: CE3
!
! Version 12.0
!
interface Serial0.777 point-to-point
description Serial0.777 fr dlci=777 : Provisioned by VPNSC: Service Request Id# = 19
ip address 209.165.200.235 255.255.255.252
frame-relay interface-dlci 777 
no shutdown
!
router rip
network 209.165.200.224
no auto-summary

OSPF Routing for the PE-CE Link

This configuration file provides an example of using the Open Shortest Path First (OSPF) protocol on the PE-CE link, and using IP unnumbered provisioning from the PE to CE1. CE1 is a member of a VPN called Red. CE1 is provisioned as a hub in the Red VPN and as a spoke in the Management VPN.The export map exports only the PE-to-CE link subnet from the Red VRF. VRF Red OSPF routes are redistributed into the IBGP core. The route map is used by the export map in the Red VRF to filter routes to the Management VPN.

!! Area 0 uses the PE-to-CE link without default information originate
!!
!! Topology:
!!
!! CE1---PE
!
!! --------------------------------
!! Provider Edge router: PE
!! CE1 is provisioned as a hub in the Red VPN and as a spoke in the Management VPN.
!
! Hostname: PE
!
! Version 12.0
!
!! Provisioned routing forwarding instance for Red VPN—vrf V10:red.
!! The route-target 200:3 is for Red VPN hub connectivity.
!! The route-target 200:4 is for Red VPN spoke connectivity.
!! The route-target 200:1 is to import a route for management from the MCE into the VRF.
!! The export map exports only the PE-to-CE link subnet from the Red VRF.
!! The export map exports the management route-target 200:2.
!
ip vrf V10:red
rd 200:10
route-target import 200:3
route-target import 200:4
route-target import 200:1
route-target export 200:3
export map grey_mgmt_vpn_VpnsRus_V10:red
!
 
interface Serial2/3.323 point-to-point
description Serial2/3.323 fr dlci=323 : Provisioned by VPNSC: Service Request Id# = 21
ip vrf forwarding V10:red
ip address 209.165.200.225 255.255.255.224
frame-relay interface-dlci 323
no shutdown
!!
!! OSPF routing for vrf Red using Area 0.
!! IBGP routes that reference route-targets 200:3,200:4, or 200:1 are redistributed 
!! into VRF Red.
!
router ospf 10 vrf V10:red
network 209.165.200.224 0.0.0.3 area 0
redistribute bgp 200 subnets
!
!
!! Definition for the core-facing IBGP routing protocol routing instance for VRF Red.
!! VRF Red OSPF routes are redistributed into the IBGP core.
!! Exported static routes are associated with route targets 200:3 and 200:2.
!
router bgp 200
address-family ipv4 vrf V10:red
!
redistribute ospf 10 match internal external 1 external 2
exit-address-family
!
!! The route map is used by the export map in the Red VRF to filter routes
!! to the Management VPN.
!! The match matches-the-PE to CE subnet with access-list 1.
!! route-targets 200:2 and 200:3 are exported
!
route-map grey_mgmt_vpn_VpnsRus_V10:red permit 10
match ip address 1
set extcommunity rt 200:2
set extcommunity rt 200:3
!
access-list 1 permit 209.165.200.224 0.0.0.0
!
!! --------------------------------
!! Customer Edge router CE1 is provisioned as a hub in the Red VPN.
!
! Hostname: CE1
!
! Version 12.0
!
interface Serial0
!
encapsulation frame-relay
!
interface Serial0.323 point-to-point
description Serial0.323 fr dlci=323 : Provisioned by VPNSC: Service Request Id# = 21
ip address 209.165.200.226 255.255.255.252
frame-relay interface-dlci 323
!
no shutdown
!
router ospf 10
network 209.165.200.224 0.0.0.3 area 0
!
! Hostname: PE
!
! Version 12.0
!
ip vrf V10:red
!
rd 200:10
!
route-target import 200:3
!
route-target import 200:4
!
route-target import 200:1
!
route-target export 200:3
!
export map grey_mgmt_vpn_VpnsRus_V10:red
!
interface Serial2/3.323 point-to-point
description Serial2/3.323 fr dlci=323 : Provisioned by VPNSC: Service Request Id# = 21
!
ip vrf forwarding V10:red
ip address 209.165.200.225 255.255.255.252
frame-relay interface-dlci 323
!
no shutdown
!
router ospf 10 vrf V10:red
network 10.10.10.44 0.0.0.3 area 0
redistribute bgp 200 subnets
!
router bgp 200
address-family ipv4 vrf V10:red
!
redistribute ospf 10 match internal external 1 external 2
exit-address-family
!
route-map grey_mgmt_vpn_VpnsRus_V10:red permit 10
match ip address 1
set extcommunity rt 200:2
set extcommunity rt 200:3
!
! Hostname: CE1
!
! Version 12.0
!
interface Serial0
!
encapsulation frame-relay
!
interface Serial0.323 point-to-point
description Serial0.323 fr dlci=323 : Provisioned by VPNSC: Service Request Id# = 21
ip address 209.165.200.226 255.255.255.252
frame-relay interface-dlci 323
!
no shutdown
!
router ospf 10
network 209.165.200.224 0.0.0.3 area 0

OSPF Routing Using IP Unnumbered Provisioning

This configuration file provides an example of using the Open Shortest Path First (OSPF) protocol on the PE-CE link, and using IP unnumbered provisioning from the PE to CE1. CE1 is a member of a VPN called Red. CE1 is provisioned as a hub in the Red VPN and as a spoke in the Management VPN.The export map exports only the PE-to-CE link subnet from the Red VRF. VRF Red OSPF routes are redistributed into the IBGP core.

The route map is used by the export map in the Red VRF to filter routes to the Management VPN. The Loopback interface is used for unnumbered connectivity to the PE. The static route points to the Loopback address used for the unnumbered interface on the PE.

!! Area 1 used is for the PE-to-CE link without default information originate.
!!
!! Topology:
!!
!! CE1---PE
!
!! --------------------------------
!! Provider Edge router: PE
!! CE1 is provisioned as a hub in the Red VPN and as a spoke in the Management VPN.
!
! Hostname: PE
!
! Version 12.0
!
!! Provisioned routing forwarding instance for Red VPN—vrf V10:red.
!! The route-target 200:3 is for Red VPN hub connectivity.
!! The route-target 200:4 is for Red VPN spoke connectivity.
!! The route-target 200:1 is to import a route for management from the MCE into the VRF.
!! The export map exports only the PE-to-CE link subnet from the Red VRF.
!! The export map exports the management route-target 200:2.
!
ip vrf V10:red
rd 200:10
route-target import 200:3
route-target import 200:4
route-target import 200:1
route-target export 200:3
export map grey_mgmt_vpn_VpnsRus_V10:red
!
!! The Loopback interface is used for the unnumbered interface in the Red VRF 
!! using the VPNSC IP address pool.
!
interface Loopback1
description Provisioned by VPN-SC
ip vrf forwarding V10:red
ip address 209.165.201.0 255.255.255.255
no shutdown
!
!! The subinterface on the PE faces CE1.
!
interface Serial2/1.343 point-to-point
description Serial2/1.343 fr dlci=343 : Provisioned by VPNSC: Service Request Id# = 22
ip vrf forwarding V10:red
ip unnumbered Loopback1
frame-relay interface-dlci 343 
no shutdown
!
!! OSPF routing for VRF Red using Area 1.
!! IBGP routes that reference route-targets 200:3,200:4, or 200:1 
!! are redistributed into VRF Red.
!
router ospf 13 vrf V10:red
network 209.165.201.0 0.0.0.0 area 1
redistribute bgp 200 subnets
!
!! Definition for the core-facing IBGP routing protocol routing instance for VRF Red.
!! VRF red OSPF routes are redistributed into the IBGP core.
!! Exported static routes are associated with route targets 200:3 and 200:2.
!
router bgp 200
address-family ipv4 vrf V10:red
redistribute ospf 13 match internal external 1 external 2
redistribute static
exit-address-family
!
!! The static route that points to the CE loopback address is redistributed 
!! into the IBGP core.
!
ip route vrf V10:red 209.165.201.1 255.255.255.255 Serial2/1.343 1
!
!! The route map is used by the export map in the Red VRF to filter routes 
!! to the Management VPN.
!! The match matches-the-PE to CE subnet with access-list 1.
!! Route-targets 200:2 and 200:3 are exported
!
route-map grey_mgmt_vpn_VpnsRus_V10:red permit 10
match ip address 1 
set extcommunity rt 200:2
set extcommunity rt 200:3
!
access-list 1 permit 209.165.201.1 0.0.0.0
!
!! --------------------------------
!! Customer Edge router CE1 is provisioned as a hub in the Red VPN.
!
! Hostname: CE1
!
! Version 12.0
!
!! The Loopback interface is used for unnumbered connectivity to the PE.
!
interface Loopback1
description Provisioned by VPN-SC
ip address 209.165.201.1 255.255.255.255
no shutdown
!
interface Serial0
encapsulation frame-relay
!
interface Serial0.343 point-to-point
description Serial0.343 fr dlci=343 : Provisioned by VPNSC: Service Request Id# = 22
ip unnumbered Loopback1
frame-relay interface-dlci 343 
no shutdown
!
!! The OSPF routing protocol uses Area 1 for the PE-to-CE link.
!
router ospf 13
network 209.165.201.1 0.0.0.0 area 1
!
!! The static route points to the Loopback address used for the 
!! unnumbered interface on the PE. 
!
ip route 209.165.201.0 255.255.255.255 Serial0.343 1

Static Routing Example

This configuration file provides an example of static routing over the PE-CE link. This configuration file provisions a default static route to the PE. The static route to the PE-CE link is redistributed into the IBGP core. VPN Solutions Center supports default and specific static routes to other VPN sites. The CE uses default routing. 

!
!! Topology:
!
!! CE1---PE
!
!! --------------------------------
!! Provider Edge router: PE
!! CE1 is provisioned as a hub in the Red VPN and as a spoke in the Management VPN.
!
! Hostname: PE
!
! Version 12.0
!
!! Provisioned routing forwarding instance for red VPN - vrf V10:red.
!! The route-target 200:3 is for Red VPN hub connectivity.
!! The route-target 200:4 is for Red VPN spoke connectivity.
!! The route-target 200:1 imports a route from the MCE into the VRF.
!! The export map exports only the PE-to-CE link subnet from the Red VRF.
!! The export map exports the management route-target 200:2.
!
ip vrf V10:red
rd 200:10
route-target import 200:3
route-target import 200:4
route-target import 200:1
route-target export 200:3
!
export map grey_mgmt_vpn_VpnsRus_V10:red
!
!! The subinterface on the PE faces CE1; the IP address is taken from the 
!! VPNSC IP address pool.
!
interface Serial2/0.454 point-to-point
description Serial2/0.454 fr dlci=454 : Provisioned by VPNSC: Service Request Id# = 20
ip vrf forwarding V10:red
ip address 209.165.202.130 255.255.255.252
frame-relay interface-dlci 454 
no shutdown
!
!! The static route to the PE-to-CE link is redistributed into the IBGP core.
!
ip route vrf V10:red 209.165.202.129 255.255.255.255 Serial2/4.766 1
!
!! Definition for the core-facing IBGP routing protocol routing instance for VRF Red.
!! VRF Red static routes are redistributed into the IBGP core.
!! Exported static routes are associated with route targets 200:3 and 200:2.
!
router bgp 200
address-family ipv4 vrf V10:red
redistribute static
exit-address-family
!
!! The route map is used by the export map in the Red VRF to filter routes 
!! to the Management VPN.
!! The match matches-the-PE to CE subnet with access-list 1.
!! Route-targets 200:2 and 200:3 are exported.
!
route-map grey_mgmt_vpn_VpnsRus_V10:red permit 10
match ip address 1 
set extcommunity rt 200:2
set extcommunity rt 200:3
!
access-list 1 permit 209.165.202.129 0.0.0.0
!
!! --------------------------------
!! Customer Edge router CE1 is provisioned as a hub in the Red VPN.
!
! Hostname: CE1
!
! Version 12.0
!
interface Serial0
encapsulation frame-relay
!
interface Serial0.455 point-to-point
description Serial0.455 fr dlci=455 : Provisioned by VPNSC: Service Request Id# = 20
ip address 209.165.202.131 255.255.255.252
frame-relay interface-dlci 455 
no shutdown
!
!! A default static route to the PE is provisioned.
!! VPNSC supports default and specific static routes to other VPN sites.
!
ip route 0.0.0.0 0.0.0.0  209.165.202.130 1

EBGP Routing from PE to CE

This configuration file shows an example of using External BGP connectivity from a PE to a CE. A route target is provisioned to import a route from the Management CE (MCE) into the Red VPN's VRF. The export map exports only the PE-to-CE subnet from the Red VRF for connectivity to the MCE.

!!
!! Topology:
!!
!! CE1---PE
!
!! --------------------------------
!! Provider Edge router: PE
!! CE1 is provisioned as a hub in the Red VPN and a spoke in the Management VPN.
!
! Hostname: PE
!
! Version 12.0
!!
!! Provisioned routing forwarding instance for Red VPN—vrf V10:red.
!! The route-target 200:3 is for Red VPN hub connectivity.
!! The route-target 200:4 is for Red VPN spoke connectivity.
!! The route-target 200:1 is to import a route from the MCE into the VRF.
!! The export map exports only the PE-to-CE link subnet from the Red VRF.
!! The export map exports the management route-target 200:2.
!
ip vrf V10:red
rd 200:10
route-target import 200:3
route-target import 200:4
route-target import 200:1
route-target export 200:3
export map grey_mgmt_vpn_VpnsRus_V10:red
!
interface Serial2/6
encapsulation frame-relay
!
!! The subinterface on the PE is facing CE1; the IP address is from the VPNSC Pool.
!
interface Serial2/6.555 point-to-point
description Serial2/6.555 fr dlci=555 : Provisioned by VPNSC: Service Request Id# = 23
ip vrf forwarding V10:red
ip address 209.165.200.225 255.255.255.224
frame-relay interface-dlci 555 
no shutdown
!
!! Definition for core-facing IBGP routing protocol routing instance for VRF Red.
!! VRF Red EBGP neighbor for AS 10 on the CE.
!
router bgp 200
address-family ipv4 vrf V10:red
neighbor 209.165.200.226 remote-as 10
neighbor 209.165.200.226 activate
exit-address-family
!
!! Route map is used by the export map in Red VRF to filter routes to the Management VPN.
!! The match matches the PE-to-CE subnet with access-list 1.
!! Route-targets 200:2 and 200:3 are exported.
!
route-map grey_mgmt_vpn_VpnsRus_V10:red permit 10
match ip address 1 
set extcommunity rt 200:2
set extcommunity rt 200:3
!
access-list 1 permit 209.165.200.227 0.0.0.0
!
!! --------------------------------
!! Customer Edge router CE1 is provisioned as a hub in the Red VPN. 
!
! Hostname: CE1
!
! Version 12.0
!
interface Serial0
encapsulation frame-relay
!
interface Serial0.555 point-to-point
description Serial0.555 fr dlci=555 : Provisioned By VPNSC: Service Request Id# = 23
ip address 209.165.200.226 255.255.255.224
frame-relay interface-dlci 555 
no shutdown
!
!! EBGP neighbor to AS 200 on the PE.
!
router bgp 10
neighbor 209.165.200.225 remote-as 200

Provisioning EBGP Routing with IP Unnumbered Scheme

This configuration file provides an example of provisioning the PE-CE link using External BGP and an IP unnumbered addressing scheme. A route target is provisioned to import a route from the Management CE (MCE) into the VRF. The loopback interface on the CE is used for an unnumbered EBGP session to the PE.

!! EBGP routing PE-to-CE with unnumbered provisioning PE-to-CE1
!!
!! Topology:
!! CE1---PE
!
!! --------------------------------
!! Provider Edge router: PE member
!! CE1 is provisioned as a hub in the Red VPN and a spoke in the Management VPN
! Hostname: pe
!
! Version 12.0
!
!! Provisioned routing forwarding instance for Red VPN—vrf V10:red
!! The route-target 200:3 is for Red VPN hub connectivity.
!! The route-target 200:4 is for Red VPN spoke connectivity.
!! The route-target 200:1 is to import a route from the MCE into the VRF.
!! The export map exports only the PE-to-CE link subnet from the Red VRF.
!! The export map exports the management route-target 200:2.
!
ip vrf V10:red
rd 200:10
route-target import 200:3
route-target import 200:4
route-target import 200:1
route-target export 200:3
export map grey_mgmt_vpn_VpnsRus_V10:red
!
!! The Loopback interface is used for the unnumbered interface in the Red VRF;
!! the IP address is taken from the VPNSC IP address pool
!
interface Loopback1
description Provisioned by VPN-SC
ip vrf forwarding V10:red
ip address 209.165.200.228 255.255.255.255
no shutdown
!
!! The subinterface on the PE is facing CE1.
!
interface Serial2/4.766 point-to-point
description Serial2/4.766 fr dlci=766 : Provisioned By VPNSC: Service Request Id# = 24
ip vrf forwarding V10:red
ip unnumbered Loopback1
frame-relay interface-dlci 766 
no shutdown
!
!! Definition for the core-facing IBGP routing protocol routing instance for VRF Red.
!! VRF Red EBGP neighbor is in AS 10.
!! EBGP multihop is used for neighbor connectivity to the CE loopback interface.
!
router bgp 200
address-family ipv4 vrf V10:red
neighbor 209.165.200.229 remote-as 10
neighbor 209.165.200.229 activate
!
neighbor 209.165.200.229 ebgp-multihop
neighbor 209.165.200.229 update-source Loopback1
redistribute static
exit-address-family
!
!! The static route to the CE loopback is redistributed into the IBGP core.
!
ip route vrf V10:red 209.165.200.229 255.255.255.255 Serial2/4.766 1
!
!! The static route to the CE loopback is in the global table used by a recursive lookup.
!
ip route 209.165.200.229 255.255.255.255 Serial2/4.766 1
!
!! The route map is used by the export map in the Red VRF for filtering routes
!! to the Management VPN.
!! The match matches the PE-to-CE subnet with access-list 1.
!! Route-targets 200:2 and 200:3 are exported.
!
route-map grey_mgmt_vpn_VpnsRus_V10:red permit 10
match ip address 1 
set extcommunity rt 200:2
set extcommunity rt 200:3
!
access-list 1 permit 209.165.200.229 0.0.0.0
!
!! --------------------------------
!! Customer Edge router CE1 is provisioned as a hub in the Red VPN.
!
! Hostname: CE1
!
! Version 12.0
!
interface Serial0
!
encapsulation frame-relay
!
!! The loopback interface on the CE is used for an unnumbered EBGP session to the PE.
!
interface Loopback1
description Provisioned by VPN-SC
ip address 209.165.200.229 255.255.255.255
!
no shutdown
!
interface Serial0.766 point-to-point
description Serial0.766 fr dlci=766 : Provisioned By VPNSC: Service Request Id# = 24
ip unnumbered Loopback1
frame-relay interface-dlci 766 
no shutdown
!
!! EBGP neighbor to AS 200 on the PE
!
router bgp 10
neighbor 209.165.200.228 remote-as 200
!
neighbor 209.165.200.228 ebgp-multihop
neighbor 209.165.200.228 update-source Loopback1
!
no auto-summary
!
!! The static route points to the PE loopback interface
!
ip route 209.165.200.228 255.255.255.255 Serial0.766 1

Cable Network Example

This configuration file provides an example of a simple cable network configuration.

!hostname: widgets
!
! Version 12.0
!
ip vrf V5:WidgetVPN
!
rd 200:5
!
route-target import 301:1
!
route-target import 301:2
!
route-target import 200:1
!
route-target export 301:1
!
export map grey_mgmt_vpn_VpnsRus_V5:WidgetVPN
!
interface Cable1.1
description : Provisioned by VPNSC: Service Request Id# = 14
!
ip vrf forwarding V5:WidgetVPN
ip address 209.165.200.225 255.255.255.252
!
cable helper-address 3.4.5.6
!
no shutdown
!
router bgp 200
address-family ipv4 vrf V5:WidgetVPN
exit-address-family
!
route-map grey_mgmt_vpn_VpnsRus_V5:WidgetVPN permit 10
match ip address 1 
set extcommunity rt 200:2
set extcommunity rt 301:1
!
no access-list 1
access-list 1 permit 5.5.5.8 0.0.0.0
access-list 1 permit 8.8.8.8 0.0.0.0


hometocprevnextglossaryfeedbacksearchhelp
Posted: Wed Sep 20 15:04:01 PDT 2000
Copyright 1989-2000©Cisco Systems Inc.