Sunday, September 1, 2013

Inter Provider L3 VPN -- Option B

Inter-provider VPN connectivity is often what is meant by an "international VPN", which multinational enterprises commonly require. This lab follows the second most scalable inter-provider L3 VPN solution, the "External Multiprotocol BGP" method (Option B).

Gear Used:

GNS3 (Intel Core i3 3110M with 4 GB RAM)
Cisco C3640-JK9O3S-M, Version 12.4(16a), used for Provider & Provider Edge Routers (PE-A, PE-B, CORE-A, CORE-B, ASBR-PE-A & ASBR-PE-B)
C2691-ADVENTERPRISEK9-M, Version 12.4(5a), used for Client End Routers (CE-1, CE-2)
NOTE: Live IP Addresses & AS numbers used in this lab are purely fictitious; any resemblance to any IP/AS living or dead is purely coincidental.

Network Diagram:

Scenario Detail:
A client has two sites, CE-1 & CE-2, at geographically distant locations that need VPN connectivity between each other. The client could not find a single ISP with presence at both locations, so the VPN circuit has to be established across two ISPs. What follows is the complete configuration detail.
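The ASBR side of an Option B link, as an added example that is not one of the lab's configuration files. AS numbers, addresses, the route-target value and interface names are assumptions; the point it adds to the scenario above is the route-target filter that an ASBR needs once `no bgp default route-target filter` is turned on, so that only the intended customer's VPNv4 routes cross the provider boundary.

```cisco
! Added example, not the lab's own configuration file: ASBR-PE-A side of an
! Option B (eBGP VPNv4) inter-AS link. AS numbers, IPs, interface names and
! the route-target value are assumptions.
!
! Inter-AS link: carries labelled VPNv4 routes, so LDP is NOT run here.
! IOS enables 'mpls bgp forwarding' on this interface by itself once the
! VPNv4 eBGP peer is activated.
interface FastEthernet1/0
 description to ASBR-PE-B (AS 65002)
 ip address 192.0.2.1 255.255.255.252
!
router bgp 65001
 bgp log-neighbor-changes
 ! By default a router with no VRF importing a given route-target drops the
 ! VPNv4 routes that carry it. An ASBR relays routes for VRFs it does not
 ! hold locally, so this automatic filter has to be disabled.
 no bgp default route-target filter
 ! iBGP to the local PE (loopback peering). next-hop-self below means the
 ! local PE never needs a route to the other provider's ASBR.
 neighbor 10.1.1.1 remote-as 65001
 neighbor 10.1.1.1 update-source Loopback0
 ! eBGP to the other provider's ASBR, directly connected
 neighbor 192.0.2.2 remote-as 65002
 !
 address-family vpnv4
  neighbor 10.1.1.1 activate
  neighbor 10.1.1.1 send-community extended
  neighbor 10.1.1.1 next-hop-self
  neighbor 192.0.2.2 activate
  neighbor 192.0.2.2 send-community extended
  ! With the default RT filter off, accept only the agreed customer RT from
  ! the other AS so an unrelated VRF cannot be leaked across the boundary.
  neighbor 192.0.2.2 route-map RT-FROM-AS65002 in
 exit-address-family
!
ip extcommunity-list standard CUST-RT permit rt 65001:100
!
route-map RT-FROM-AS65002 permit 10
 match extcommunity CUST-RT
```

ASBR-PE-B mirrors this with the AS numbers swapped. On either ASBR, `show ip bgp vpnv4 all summary` shows the two sessions and `show ip bgp vpnv4 all labels` shows the label each VPNv4 prefix was received with; a prefix that is missing from the iBGP side usually means the inbound route-map or the default RT filter dropped it.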

Configuration Files:

Monday, August 26, 2013

MPLS L2 Martini Circuits (Ethernet over MPLS)


Lab 1-A: Port Based MPLS L2 Martini Circuit

This time I'm going to configure an MPLS-based L2 circuit called 'Martini'. You can Google the term for the theory.

ISPs use this technique to provide their customers with clear L2 circuits over an MPLS infrastructure. Let's see how it is done.

Gear Used:

GNS3 (Intel Core i3 3110M with 4 GB RAM)

Cisco C3640-JK9O3S-M, Version 12.4(16a), used for Provider Routers (P1 & P2)

C3725-ADVENTERPRISEK9-M, Version 12.4(15)T5, used for Provider Edge Routers (PE_A & PE_B)

C2691-ADVENTERPRISEK9-M, Version 12.4(5a), used for Client End Routers (Client_A1 & Client_A2)
Network Diagram:
Scenario Detail:
• Client 'A' asked the ISP for a clear L2 circuit between their sites A1 & A2.
• ISP's infrastructure is based on MPLS.
• So, the ISP has configured an MPLS L2 Martini circuit between its edge routers.
• The diagram above has all the IP details.
• Client has established its L3 network over this L2 link & is running OSPF.

Lab 1-B: Port Based MPLS L2 Martini Circuit
This lab implementation demonstrates how the client has used this port-based MPLS L2 circuit to pass multiple VLANs.
Gear Used:
GNS3 (Intel Core i3 3110M with 4 GB RAM)
Cisco C3640-JK9O3S-M, Version 12.4(16a), used for Provider Routers (P1 & P2)
C3725-ADVENTERPRISEK9-M, Version 12.4(15)T5, used for Provider Edge Routers (PE_A & PE_B)
C2691-ADVENTERPRISEK9-M, Version 12.4(5a), used for Client End Routers (Client_A1 & Client_A2)
Network Diagram:
Scenario Detail:
• Client 'A' asked the ISP for a clear L2 circuit between their sites A1 & A2.
• ISP's infrastructure is based on MPLS.
• So, the ISP has configured an MPLS L2 Martini circuit between its edge routers.
• The diagram above has all the IP details.
• Client is using this circuit to pass multiple VLANs from site A1 to A2 & is running OSPF & EIGRP.
Lab 2: VLAN Based MPLS L2 Martini Circuit (with VLAN Override)
In the real world, no ISP can spare a physical port on one of its routers for a single client; clients are connected to the ISP's L2/L3 switches instead.
In this lab, I'm going to demonstrate how VLAN-based Martinis are created for multiple clients. I'm also going to show how to configure a Martini circuit with different VLANs at the two ends.
Gear Used:
GNS3 (Intel Core i3 3110M with 4 GB RAM)
Cisco C3640-JK9O3S-M, Version 12.4(16a), used for Provider Routers (P1 & P2)
C3725-ADVENTERPRISEK9-M, Version 12.4(15)T5, used for Provider Edge Routers (PE_A & PE_B)
C2691-ADVENTERPRISEK9-M, Version 12.4(5a), used for Client End Routers (Client_A1, Client_A2, Client_B1 & Client_B2)
GNS3’s default Ethernet Switch
Network Diagram:
Scenario Detail:
• Client 'A' asked the ISP for a clear L2 circuit between their sites A1 & A2, while client B wants an L2 circuit between B1 & B2.
• ISP's infrastructure is based on MPLS.
• So, the ISP has configured two MPLS L2 Martini circuits between its edge routers.
• The diagram above has all the IP details.
• Client A has established its L3 network over its L2 link & is running OSPF, while client B has established its L3 network over its L2 link & is running EIGRP.
• For Client A, VLAN 10 is used at both ends; for Client B, VLAN 20 is used between PE_A & PE_SW_A and VLAN 30 between PE_B & PE_SW_B.
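The PE-side of both the port-based circuit of Lab 1 and the VLAN-based circuits of Lab 2, as an added example that is not one of the lab's configuration files. The VLAN numbers are the ones stated in the Lab 2 scenario; loopback addresses, VC IDs and interface names are assumptions.

```cisco
! Added example, not the lab's own configuration files. PE_A and PE_B carry
! the port-based circuit of Lab 1 and the two VLAN-based circuits of Lab 2.
! Loopback addresses, VC IDs and interface names are assumptions; the VLAN
! numbers are those given in the Lab 2 scenario.
!
! ===== PE_A =====
mpls label protocol ldp
mpls ldp router-id Loopback0 force
!
interface Loopback0
 ip address 10.0.0.1 255.255.255.255
!
! Lab 1: port-based Martini (VC type "Ethernet"). The attachment circuit
! has no IP address; every frame entering the port, tagged or not, is
! label-switched to PE_B, which is why the client's multiple VLANs of
! Lab 1-B pass through unchanged.
interface FastEthernet1/0
 description Client_A1 - port-based circuit (Lab 1)
 no ip address
 xconnect 10.0.0.2 100 encapsulation mpls
!
! Lab 2: VLAN-based Martinis on the trunk to the ISP switch PE_SW_A.
! Each 802.1Q sub-interface is its own attachment circuit (VC type
! "Ethernet VLAN"), so one physical port serves several clients.
interface FastEthernet2/0
 description trunk to PE_SW_A
 no ip address
!
interface FastEthernet2/0.10
 description Client A - VLAN 10 at both ends
 encapsulation dot1Q 10
 xconnect 10.0.0.2 110 encapsulation mpls
!
interface FastEthernet2/0.20
 description Client B - VLAN 20 here, VLAN 30 on PE_B
 encapsulation dot1Q 20
 xconnect 10.0.0.2 120 encapsulation mpls
!
! ===== PE_B =====
mpls label protocol ldp
mpls ldp router-id Loopback0 force
!
interface Loopback0
 ip address 10.0.0.2 255.255.255.255
!
interface FastEthernet1/0
 description Client_A2 - port-based circuit (Lab 1)
 no ip address
 xconnect 10.0.0.1 100 encapsulation mpls
!
interface FastEthernet2/0
 description trunk to PE_SW_B
 no ip address
!
interface FastEthernet2/0.10
 encapsulation dot1Q 10
 xconnect 10.0.0.1 110 encapsulation mpls
!
! VLAN override: the VC ID (120) matches PE_A, the VLAN does not. The
! egress PE rewrites the 802.1Q tag to the one configured on its own
! sub-interface, so Client B sees VLAN 30 here and VLAN 20 at the far end.
interface FastEthernet2/0.30
 encapsulation dot1Q 30
 xconnect 10.0.0.1 120 encapsulation mpls
```

The targeted LDP session between the two loopbacks comes up on its own once the first xconnect is configured; `show mpls l2transport vc detail` on either PE shows each VC, and a VC that stays down almost always means the two ends disagree on VC ID, VC type (port vs VLAN) or attachment-circuit MTU. The core links need room for two MPLS labels plus, on the VLAN-based circuits, the 802.1Q tag, so the P-router interface MTU should be raised rather than relying on the customer to shrink frames. Because the client's traffic is switched purely by label, the PE never routes it and the client never sees the provider's loopbacks, which is the isolation property an ISP is selling with a Martini circuit.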

Configuration Files:
Lab-1
Lab-2

Wednesday, July 31, 2013

Failover of 2 or More Internet Circuits on Same Device

The rationale behind this design was that the client required an automatic failover solution from the ISP. The ISP provisions the client with four Internet circuits over the same physical Ethernet medium, separated into VLANs. Two of the four circuits have radio links as backups, and traffic shifting onto them is manual. The client terminates all of these circuits on the same router and has PBR applied along with IP SLA (a default route is obviously not an option with multiple Internet links).

At the ISP side, PBR and IP SLA could not be applied, because the PE router is not the same for the primary and backup media. So I used a combination of techniques to fulfil the client's requirement while respecting the ISP's design.
I used IP SLA and PBR at the client end to fail over between primary and secondary links so that Internet-bound traffic takes the appropriate path out. BGP was configured between the ISP and the client device so that return traffic takes the appropriate path (the same as the outgoing one) back into the client's device.

Gear Used:
GNS3 (Intel Core i3 3110M with 4 GB RAM)
Cisco C3640-JK9O3S-M, Version 12.4(16a)


NOTE: Live IPs used in this implementation are purely fictitious; any resemblance to any IP living or dead is purely coincidental.

Network Diagram:

Scenario Detail:
• The client has been assigned two live IP pools, 110.2.158.16/28 & 103.223.161.128/28, by the ISP for the two separate links.
• The two Internet links are separated by VLANs 98 & 99 over the primary media.
• Backup links are physically separate & are connected to different Ethernet ports of the client's router.
• BGP neighborship has been established over all four point-to-point connections.
• MED has been configured higher on the backup links so that return traffic follows the backup path in case of a primary media outage.
• Route maps have been applied at the ISP side on all neighbors so that any given link accepts only the traffic of its assigned subnet.
• At the client end, PBR has been applied along with IP SLA tracking.
• Traffic from subnet 110.2.158.16/28 routes to 100.100.100.13; if this hop becomes unavailable, the traffic routes to the backup next hop 100.100.100.21.
• Traffic from subnet 103.223.161.128/28 routes to 100.100.100.17; if this hop becomes unavailable, the traffic routes to the backup next hop 100.100.100.25.
• The above two rules also apply to return traffic.
Configuration Files:
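The client-side IP SLA/PBR/BGP configuration for one of the two pools, together with the matching ISP-side inbound filter, as an added example that is not the post's configuration file. The next-hop addresses, VLAN numbers and customer pools are those stated in the scenario; interface names, the client-side /30 addresses, the AS numbers (private range) and the probe interval are assumptions.

```cisco
! Added example, not the post's own configuration file. Next-hop addresses,
! VLAN numbers and customer pools are the ones stated in the scenario;
! interface names, client-side /30 addresses, AS numbers (private range)
! and probe frequency are assumptions. Only the 110.2.158.16/28 path is
! written out; the 103.223.161.128/28 path repeats it with the .17/.25
! next hops, VLAN 99 and the second backup port.
!
! ===== Client router =====
! Probe the primary and the backup next hop of pool 1
ip sla 1
 icmp-echo 100.100.100.13
 frequency 10
ip sla schedule 1 life forever start-time now
ip sla 3
 icmp-echo 100.100.100.21
 frequency 10
ip sla schedule 3 life forever start-time now
track 1 ip sla 1 reachability
track 3 ip sla 3 reachability
!
interface FastEthernet0/0.98
 description primary media, pool 1 (VLAN 98)
 encapsulation dot1Q 98
 ip address 100.100.100.14 255.255.255.252
!
interface FastEthernet0/1
 description radio backup, pool 1
 ip address 100.100.100.22 255.255.255.252
!
interface FastEthernet1/0
 description LAN, pool 1 - PBR is applied where the traffic enters
 ip address 110.2.158.17 255.255.255.240
 ip policy route-map PBR-OUT
!
ip access-list extended POOL-1
 permit ip 110.2.158.16 0.0.0.15 any
!
! Lowest sequence whose track is up wins; when 100.100.100.13 stops
! answering, traffic falls through to the backup hop
route-map PBR-OUT permit 10
 match ip address POOL-1
 set ip next-hop verify-availability 100.100.100.13 10 track 1
 set ip next-hop verify-availability 100.100.100.21 20 track 3
!
! Return path: announce pool 1 on both links, with a higher MED on the
! backup so the ISP prefers the primary until that session is gone
ip prefix-list POOL-1-PFX seq 5 permit 110.2.158.16/28
route-map POOL1-PRIMARY permit 10
 match ip address prefix-list POOL-1-PFX
route-map POOL1-BACKUP permit 10
 match ip address prefix-list POOL-1-PFX
 set metric 100
!
router bgp 65000
 network 110.2.158.16 mask 255.255.255.240
 neighbor 100.100.100.13 remote-as 64500
 neighbor 100.100.100.13 route-map POOL1-PRIMARY out
 neighbor 100.100.100.21 remote-as 64500
 neighbor 100.100.100.21 route-map POOL1-BACKUP out
!
! ===== ISP PE facing VLAN 98 (primary link of pool 1) =====
! Accept nothing but the pool assigned to this link, and cap the prefix
! count, so a client misconfiguration cannot announce someone else's space
ip prefix-list CLIENT-VLAN98 seq 5 permit 110.2.158.16/28
route-map FROM-CLIENT-VLAN98 permit 10
 match ip address prefix-list CLIENT-VLAN98
!
router bgp 64500
 neighbor 100.100.100.14 remote-as 65000
 neighbor 100.100.100.14 route-map FROM-CLIENT-VLAN98 in
 neighbor 100.100.100.14 maximum-prefix 2
```

`show track` and `show route-map PBR-OUT` on the client router show which next hop is currently in use, and `show ip bgp neighbors 100.100.100.21 advertised-routes` confirms the backup session carries the pool with MED 100. One caveat: probing the directly connected PE address only detects a failure of the access link or of the PE itself; if the PE loses its own upstream, the probe still succeeds and PBR keeps sending traffic into a black hole, so a probe target one hop further into the ISP (agreed with the ISP) gives more honest failover.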

Wednesday, July 24, 2013

GRE Tunnel between Hub & Spoke with BGP Failover at Spoke Site

This is a small topology that I am going to put into production in a few days. Below is the in-house implementation.

There is a client in need of a 10 Mbps VPN circuit between their H.O. and a new spoke site within the same city. Two Metro Fiber circuits with Ethernet hand-off are going to be deployed at the spoke site, while the H.O. is already connected to the ISP over Metro Fiber. Both offices are going to be connected to the same PE router of the ISP.
BGP failover is required at the spoke site, and a Juniper SSG5 is going to be used for the purpose. The client will bypass the ISP hops by configuring a GRE tunnel between their two offices.

Gear Used:
CLIENT-HO --> Cisco 851
ISP-PE --> Juniper SSG5
Client-Spoke --> Juniper SSG5 (to use it as a router, all interfaces were configured in the same zone)
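The hub (H.O.) side of the GRE tunnel on the Cisco 851, as an added example that is not the post's configuration file. The Juniper SSG5 spoke and its BGP sessions to the ISP are not shown. All addresses and the tunnel subnet are assumptions: 198.51.100.1 stands for the H.O. WAN address and 203.0.113.2 for the address the spoke advertises to the ISP over both of its metro circuits.

```cisco
! Added example, not the post's own configuration: hub side (Cisco 851) of
! the GRE tunnel. All addresses and the tunnel subnet are assumptions.
! On the 851, FastEthernet4 is the WAN port.
interface FastEthernet4
 description Metro Fiber to ISP PE
 ip address 198.51.100.1 255.255.255.252
 ip access-group WAN-IN in
!
! The tunnel destination is an address the spoke announces to the ISP over
! both of its circuits, so a BGP failover at the spoke moves the tunnel
! with it and nothing changes on the hub. The keepalive lets the hub notice
! the transition and take the tunnel route out of the table meanwhile.
interface Tunnel0
 description GRE to spoke site
 ip address 172.16.0.1 255.255.255.252
 ip mtu 1400
 ip tcp adjust-mss 1360
 keepalive 10 3
 tunnel source FastEthernet4
 tunnel destination 203.0.113.2
!
! Spoke LAN reached through the tunnel; everything else via the ISP
ip route 192.168.20.0 255.255.255.0 Tunnel0
ip route 0.0.0.0 0.0.0.0 198.51.100.2
!
! GRE carries no authentication or encryption, so the hub should at least
! accept GRE only from the spoke's address. The rest of the WAN policy
! (NAT, management access) is outside this example and left permitted.
ip access-list extended WAN-IN
 permit gre host 203.0.113.2 host 198.51.100.1
 deny   gre any any log
 permit ip any any
```

`show interfaces Tunnel0` reports the keepalive state, and during a spoke circuit failover the tunnel goes line-protocol down for roughly the keepalive period (10 s x 3 here) and comes back once the ISP has converged onto the spoke's surviving session. The reduced `ip mtu` and clamped MSS account for the 24 bytes of GRE and outer IP header so that the clear-text tunnel does not silently fragment the client's traffic.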

Network Diagram:
Configuration Files: