Wednesday, 29 April 2015

MPLS VPN Layer 3 - Cisco IOS vs Juniper JunOS

In this post we also look at another operating system, the one specific to Juniper equipment, namely JunOS. I consider this operating system very well suited to a working environment in which configuration mistakes can be corrected very easily by returning to a previous configuration with a single command, rollback. Another advantage is the use of the commit command, so that we never have intermediate/incomplete configurations.

The key elements are:

  • P2 and PE2 run JunOS
  • P1 and PE1 run IOS
  • between PE1 and PE2 we have an iBGP VPNv4 session
  • on each PE I defined two VRFs (VPN-A and VPN-B) with the same addressing plan, in order to verify correct isolation in both the control plane and the data plane

Topology


P router configuration

P1
interface Loopback0
 ip address 11.11.11.11 255.255.255.255

!Fa0/0.5 - link to PE1
interface FastEthernet0/0.5
 encapsulation dot1Q 5
 ip address 172.16.5.1 255.255.255.0
 ip router isis AS100
 mpls ip

!Fa0/0.10 - link to P2
interface FastEthernet0/0.10
 encapsulation dot1Q 10
 ip address 172.16.10.2 255.255.255.0
 ip router isis AS100
 mpls ip

mpls ldp router-id Loopback0 force

router isis AS100
 is-type level-2-only
 net 49.0001.0110.1101.1011.00
 passive-interface Loopback0

P2
interfaces {
    em0 {
        vlan-tagging;

        /*unit 10 - link to P1*/
        unit 10 {
            vlan-id 10;
            family inet {
                address 172.16.10.1/24;
            }
            family iso;
            family mpls;
        }

        /*unit 20 - link to PE2*/
        unit 20 {
            vlan-id 20;
            family inet {
                address 172.16.20.1/24;
            }
            family iso;
            family mpls;
        }
    }
    lo0 {
        unit 1 {
            family inet {
                address 1.1.1.0/32;
            }
            family iso {
                address 49.0001.0010.0100.1001.00;
            }
            family mpls;
        }
    }
}

protocols {
    mpls {
        interface em0.10;
        interface em0.20;
    }

    isis {
        level 1 disable;
        interface em0.10;
        interface em0.20;
        interface lo0.1 {
            passive;
        }
    }

    ldp {
        interface em0.10;
        interface em0.20;
    }
}

PE router configuration

PE1
ip vrf VPN-A
 rd 100:1
 route-target export 100:1
 route-target import 100:1

ip vrf VPN-B
 rd 100:2
 route-target export 100:2
 route-target import 100:2

interface Loopback0
 ip address 22.22.22.22 255.255.255.255

interface Loopback10
 ip vrf forwarding VPN-A
 ip address 10.1.1.1 255.255.255.255

interface Loopback20
 ip vrf forwarding VPN-B
 ip address 10.1.1.1 255.255.255.255

!Fa0/0.5 - link to P1
interface FastEthernet0/0.5
 encapsulation dot1Q 5
 ip address 172.16.5.2 255.255.255.0
 ip router isis AS100
 mpls ip

router isis AS100
 net 49.0001.0220.2202.2022.00
 passive-interface Loopback0

router bgp 100
 no bgp default ipv4-unicast

 !iBGP VPNv4 session with PE2
 neighbor 2.2.2.2 remote-as 100
 neighbor 2.2.2.2 update-source Loopback0

 address-family vpnv4
  neighbor 2.2.2.2 activate
  neighbor 2.2.2.2 send-community extended
 exit-address-family

 address-family ipv4 vrf VPN-B
  redistribute connected
 exit-address-family

 address-family ipv4 vrf VPN-A
  redistribute connected
 exit-address-family

PE2
interfaces {
    em0 {
        vlan-tagging;
        unit 20 {
            vlan-id 20;
            family inet {
                address 172.16.20.2/24;
            }
            family iso;
            family mpls;
        }
    }

    lo0 {
        unit 1 {
            family inet {
                address 2.2.2.2/32;
            }
            family iso {
                address 49.0001.0020.0200.2002.00;
            }
        }
        unit 10 {
            family inet {
                address 10.2.2.2/32;
            }
        }
        unit 20 {
            family inet {
                address 10.2.2.2/32;
            }
        }
    }
}

protocols {
    mpls {
        interface em0.20;
    }

    bgp {
        group iBGP {
            local-address 2.2.2.2;
            peer-as 100;
            local-as 100;
            neighbor 22.22.22.22 {
                family inet-vpn {
                    unicast;
                }
            }
        }
    }

    isis {
        level 1 disable;
        interface em0.20;
        interface lo0.1;
    }

    ldp {
        interface em0.20;
        interface lo0.1;
    }
}

routing-instances {
    VPN-A {
        instance-type vrf;
        interface lo0.10;
        route-distinguisher 100:1;
        vrf-target {
            import target:100:1;
            export target:100:1;
        }
        vrf-table-label;
    }

    VPN-B {
        instance-type vrf;
        interface lo0.20;
        route-distinguisher 100:2;
        vrf-target {
            import target:100:2;
            export target:100:2;
        }
        vrf-table-label;
    }
}

To test, you can use the commands ping 10.1.1.1 routing-instance VPN-A and ping 10.1.1.1 routing-instance VPN-B from router PE2.
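
An added example, not part of the original post: because both VRFs use the same addresses, a successful ping does not show which VPN answered, so this Python script checks isolation in the control plane by parsing the route targets from the PE1 (IOS) and PE2 (JunOS) configurations above and reporting any target exported by one VRF and imported by a differently named one. It assumes a VRF has the same name on every PE; the function names and the embedded sample text are constructed for illustration.

```python
import re

# Constructed input: route-target lines of the PE1 (IOS) and PE2 (JunOS) VRFs shown on this page.
IOS_PE1 = """
ip vrf VPN-A
 route-target export 100:1
 route-target import 100:1
ip vrf VPN-B
 route-target export 100:2
 route-target import 100:2
"""
JUNOS_PE2 = """
routing-instances {
  VPN-A { route-distinguisher 100:1; vrf-target { import target:100:1; export target:100:1; } }
  VPN-B { route-distinguisher 100:2; vrf-target { import target:100:2; export target:100:2; } }
}
"""

def parse_ios(text):
    """Return {vrf: {'import': set, 'export': set}} from IOS 'ip vrf' stanzas."""
    vrfs, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if m := re.match(r"ip vrf (\S+)$", line):  # does not match 'ip vrf forwarding X'
            cur = vrfs.setdefault(m.group(1), {"import": set(), "export": set()})
        elif cur is not None and (m := re.match(r"route-target (import|export|both) (\S+)", line)):
            for d in (("import", "export") if m.group(1) == "both" else (m.group(1),)):
                cur[d].add(m.group(2))
    return vrfs

def parse_junos(text):
    """Return the same structure from a JunOS routing-instances hierarchy, tracking braces."""
    vrfs, stack = {}, []
    for stmt, delim in re.findall(r"\s*([^{};]*?)\s*([{};])", text):
        if delim == "{":
            stack.append(stmt)
        elif delim == "}":
            stack.pop()
        elif len(stack) > 1 and stack[-1] == "vrf-target" and (m := re.match(r"(import|export) target:(\S+)$", stmt)):
            vrfs.setdefault(stack[-2], {"import": set(), "export": set()})[m.group(1)].add(m.group(2))
    return vrfs

def rt_leaks(pes):
    """pes is {router: {vrf: rts}}; return (exporter, importer, rt) across differently named VRFs."""
    flat = [(f"{r}/{v}", v, rts) for r, vs in pes.items() for v, rts in vs.items()]
    return sorted((a, b, rt) for a, va, ra in flat for b, vb, rb in flat
                  if va != vb for rt in ra["export"] & rb["import"])

if __name__ == "__main__":
    print(rt_leaks({"PE1": parse_ios(IOS_PE1), "PE2": parse_junos(JUNOS_PE2)}) or "no cross-VPN route-target overlap")
```

For the configuration on this page the result is an empty list; any tuple returned names the exporting VRF, the importing VRF and the shared route target.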

I invite those eager to go deeper to the courses of the Cisco Netschool academy.
