Get Even More Visitors To Your Blog, Upgrade To A Business Listing >>

Overlay VPN task #1. Simple L2VPN.

Topology:



Configure loopback0 interfaces and connections between routers for initial configuration.
All routers run IOS.
Each customer routers has one physical connection to one SP router.

Requirements: 

1. Configure the links between SP routers and loopback0 interfaces of SP routers is OSPF area 0. Do     not configure any additional protocols in SP network.
2. Customer A should have two logical links between routers R4  and R6:
               VLAN 46, IPv4 prefix 10.10.46/24 
               VLAN 64, IPv4 prefix 10.10.64/24
3. Customer A routers should see each other as CDP neighbors. 
4. Customer B should have two links as below:
                R5-R7, IPv4 prefix 172.16.57/24
                R5-R8, IPv4 prefix 172.16.58/24
5. VLANs allowed on Customer B routers are:
                VLAN 57 and VLAN 58 on R5.
                VLAN 87 on R7.
                VLAN 85 on R8.

Solution:

Highlight the text below to reveal the solution.

This task requires understanding of basic L2TPv3 configuration, and functionality provided by PORT and VLAN modes. 

Since SP is only running OSPF and no other protocols are allowed, use L2TPv3 and not AToM. 

Requirement #2 & 3 - for customer A, configure L2TPv3 tunnel in port mode - xconnect is configured directly on physical interface. Disable CDP on SP routers interfaces. 

Requirement #4 and 5 - for customer B, configure L2TPv3 in VLAN mode. Note this configuration also provides example of TAG rewrite, which happens automatically for VLAN mode, when VLAN tag does not match on pseudowire endpoints. 

R1:


!
pseudowire-class CUST_A
 encapsulation l2tpv3
 ip local interface Loopback0
!
pseudowire-class CUST_B
 encapsulation l2tpv3
 ip local interface Loopback0
!
!
interface Loopback0
 ip address 18.0.1.1 255.255.255.255
 ip ospf network point-to-point
 ip ospf 1 area 0
!
interface Ethernet0/0
 ip address 18.0.12.1 255.255.255.0
 ip ospf network point-to-point
 ip ospf 1 area 0
!
!
interface Ethernet1/0
 no ip address
 no cdp enable
 xconnect 18.0.3.3 46 pw-class CUST_A
!
interface Ethernet1/1
 no ip address
!
interface Ethernet1/1.57
 encapsulation dot1Q 57
 xconnect 18.0.3.3 57 pw-class CUST_B
!
interface Ethernet1/1.58
 encapsulation dot1Q 58
 xconnect 18.0.3.3 58 pw-class CUST_B
!
!
router ospf 1
 router-id 18.0.1.1
!

R2:

!
interface Loopback0
 ip address 18.0.2.2 255.255.255.255
 ip ospf network point-to-point
 ip ospf 1 area 0
!
interface Ethernet0/0
 ip address 18.0.12.2 255.255.255.0
 ip ospf network point-to-point
 ip ospf 1 area 0
!
interface Ethernet0/1
 ip address 18.0.23.2 255.255.255.0
 ip ospf network point-to-point
 ip ospf 1 area 0
!
!
router ospf 1
 router-id 18.0.2.2
!

R3:


pseudowire-class CUST_A
 encapsulation l2tpv3
 ip local interface Loopback0
!
pseudowire-class CUST_B
 encapsulation l2tpv3
 ip local interface Loopback0
!
!
interface Loopback0
 ip address 18.0.3.3 255.255.255.255
 ip ospf network point-to-point
 ip ospf 1 area 0
!
interface Ethernet0/0
 ip address 18.0.23.3 255.255.255.0
 ip ospf network point-to-point
 ip ospf 1 area 0
!
!
interface Ethernet1/0
 no ip address
 no cdp enable
 xconnect 18.0.1.1 46 pw-class CUST_A
!
interface Ethernet1/1
 no ip address
!
interface Ethernet1/1.75
 encapsulation dot1Q 75
 xconnect 18.0.1.1 57 pw-class CUST_B
!
interface Ethernet1/2
 no ip address
!
interface Ethernet1/2.85
 encapsulation dot1Q 85
 xconnect 18.0.1.1 58 pw-class CUST_B
!
!
router ospf 1
 router-id 18.0.3.3
!

R4:


!
interface Ethernet0/0
 no ip address
!
interface Ethernet0/0.46
 encapsulation dot1Q 46
 ip address 10.10.46.4 255.255.255.0
!
interface Ethernet0/0.64
 encapsulation dot1Q 64
 ip address 10.10.64.4 255.255.255.0
!

R5:


!
interface Ethernet0/0
 no ip address
!
interface Ethernet0/0.57
 encapsulation dot1Q 57
 ip address 172.16.57.5 255.255.255.0
!
interface Ethernet0/0.58
 encapsulation dot1Q 58
 ip address 172.16.58.5 255.255.255.0
!

R6:


!
interface Ethernet0/0
 no ip address
!
interface Ethernet0/0.46
 encapsulation dot1Q 46
 ip address 10.10.46.6 255.255.255.0
!
interface Ethernet0/0.64
 encapsulation dot1Q 64
 ip address 10.10.64.6 255.255.255.0
!

R7:


!
interface Ethernet0/0
 no ip address
!
interface Ethernet0/0.75
 encapsulation dot1Q 75
 ip address 172.16.57.7 255.255.255.0
!

R8:


!
interface Ethernet0/0
 no ip address
!
interface Ethernet0/0.85
 encapsulation dot1Q 85
 ip address 172.16.58.8 255.255.255.0
!


Verification:

R4#ping 10.10.46.6
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.46.6, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
R4#ping 10.10.64.6
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.64.6, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms


R4#show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
                  D - Remote, C - CVTA, M - Two-port Mac Relay

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
R6               Eth 0/0            167              R  

R6#show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
                  D - Remote, C - CVTA, M - Two-port Mac Relay

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
R4               Eth 0/0            169              R    


R5#ping 172.16.57.7
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.57.7, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/5 ms
R5#ping 172.16.58.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.58.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 5/5/5 ms

R1#show xconnect all
Legend:    XC ST=Xconnect State  S1=Segment1 State  S2=Segment2 State
  UP=Up       DN=Down            AD=Admin Down      IA=Inactive
  SB=Standby  RV=Recovering      NH=No Hardware

XC ST  Segment 1                         S1 Segment 2                         S2
------+---------------------------------+--+---------------------------------+--
UP     ac   Et1/0(Ethernet)              UP l2tp 18.0.3.3:46                  UP
UP     ac   Et1/1.57:57(Eth VLAN)        UP l2tp 18.0.3.3:57                  UP
UP     ac   Et1/1.58:58(Eth VLAN)        UP l2tp 18.0.3.3:58                  UP

R1#show xconnect all detail
Legend:    XC ST=Xconnect State  S1=Segment1 State  S2=Segment2 State
  UP=Up       DN=Down            AD=Admin Down      IA=Inactive
  SB=Standby  RV=Recovering      NH=No Hardware

XC ST  Segment 1                         S1 Segment 2                         S2
------+---------------------------------+--+---------------------------------+--
UP     ac   Et1/0(Ethernet)              UP l2tp 18.0.3.3:46                  UP
            Interworking: none                   Session ID: 2025757049
                                                 Tunnel ID: 3426996124
                                                 Protocol State: UP
                                                 Remote Circuit State: UP
                                                 pw-class: CUST_A
UP     ac   Et1/1.57:57(Eth VLAN)        UP l2tp 18.0.3.3:57                  UP
            Interworking: none                   Session ID: 3872782041
                                                 Tunnel ID: 3426996124
                                                 Protocol State: UP
                                                 Remote Circuit State: UP
                                                 pw-class: CUST_B
UP     ac   Et1/1.58:58(Eth VLAN)        UP l2tp 18.0.3.3:58                  UP
            Interworking: none                   Session ID: 3108065373
                                                 Tunnel ID: 3426996124
                                                 Protocol State: UP
                                                 Remote Circuit State: UP
                                                 pw-class: CUST_B

R1#show l2tp tunnel all

L2TP Tunnel Information Total tunnels 1 sessions 3

Tunnel id 3426996124 is up, remote id is 3287559271, 3 active sessions
  Locally initiated tunnel
  Tunnel state is established, time since change 00:27:35
  Tunnel transport is IP  (115)
  Remote tunnel name is R3
    Internet Address 18.0.3.3, port 0
  Local tunnel name is R1
    Internet Address 18.0.1.1, port 0
  L2TP class for tunnel is l2tp_default_class
  Counters, taking last clear into account:
    393 packets sent, 382 received
    43555 bytes sent, 42838 received
    Last clearing of counters never
  Counters, ignoring last clear:
    393 packets sent, 382 received
    43555 bytes sent, 42838 received
  Control Ns 69, Nr 79
  Local RWS 1024 (default), Remote RWS 1024
  Control channel Congestion Control is disabled
  Tunnel PMTU checking disabled
  Retransmission time 1, max 1 seconds
  Unsent queuesize 0, max 0
  Resend queuesize 0, max 2
  Total resends 0, ZLB ACKs sent 74
  Total out-of-order dropped pkts 0
  Total out-of-order reorder pkts 0
  Total peer authentication failures 0
  Current no session pak queue check 0 of 5
  Retransmit time distribution: 0 0 0 0 0 0 0 0 0
  Control message authentication is disabled

R1#show l2tp session all

L2TP Session Information Total tunnels 1 sessions 3

Session id 2025757049 is up, logical session id 32820, tunnel id 3426996124
  Remote session id is 481336315, remote tunnel id 3287559271
  Locally initiated session
  Unique ID is 4
Session Layer 2 circuit, type is Ethernet, name is Ethernet1/0
  Session vcid is 46
  Circuit state is UP
    Local circuit state is UP
    Remote circuit state is UP
Call serial number is 72000001
Remote tunnel name is R3
  Internet address is 18.0.3.3
Local tunnel name is R1
  Internet address is 18.0.1.1
IP protocol 115
  Session is L2TP signaled
  Session state is established, time since change 00:28:18
    230 Packets sent, 229 received
    24985 Bytes sent, 24908 received
  Last clearing of counters never
  Counters, ignoring last clear:
    230 Packets sent, 229 received
    24985 Bytes sent, 24908 received
    Receive packets dropped:
      out-of-order:             0
      other:                    0
      total:                    0
    Send packets dropped:
      exceeded session MTU:     0
      other:                    0
      total:                    0
  DF bit off, ToS reflect disabled, ToS value 0, TTL value 255
  Sending UDP checksums are disabled
  Received UDP checksums are verified
  No session cookie information available
  FS cached header information:
    encap size = 24 bytes
    45000014 00000000 ff739373 12000101
    12000303 1cb09bfb
  Sequencing is off
  Conditional debugging is disabled
  SSM switch id is 4146, SSM segment id is 8248

Session id 3108065373 is up, logical session id 98420, tunnel id 3426996124
  Remote session id is 1498047836, remote tunnel id 3287559271
  Remotely initiated session
  Unique ID is 5
Session Layer 2 circuit, type is Ethernet Vlan, name is Ethernet1/1.58:58
  Session vcid is 58
  Circuit state is UP
    Local circuit state is UP
    Remote circuit state is UP
Call serial number is 833700003
Remote tunnel name is R3
  Internet address is 18.0.3.3
Local tunnel name is R1
  Internet address is 18.0.1.1
IP protocol 115
  Session is L2TP signaled
  Session state is established, time since change 00:08:40
    20 Packets sent, 20 received
    2306 Bytes sent, 2306 received
  Last clearing of counters never
  Counters, ignoring last clear:
    20 Packets sent, 20 received
    2306 Bytes sent, 2306 received
    Receive packets dropped:
      out-of-order:             0
      other:                    0
      total:                    0
    Send packets dropped:
      exceeded session MTU:     0
      other:                    0
      total:                    0
  DF bit off, ToS reflect disabled, ToS value 0, TTL value 255
  Sending UDP checksums are disabled
  Received UDP checksums are verified
  No session cookie information available
  FS cached header information:
    encap size = 24 bytes
    45000014 00000000 ff739373 12000101
    12000303 594a655c
  Sequencing is off
  Conditional debugging is disabled
  SSM switch id is 8251, SSM segment id is 20598

Session id 3872782041 is up, logical session id 131192, tunnel id 3426996124
  Remote session id is 1020482833, remote tunnel id 3287559271
  Remotely initiated session
  Unique ID is 8
Session Layer 2 circuit, type is Ethernet Vlan, name is Ethernet1/1.57:57
  Session vcid is 57
  Circuit state is UP
    Local circuit state is UP
    Remote circuit state is UP
Call serial number is 833700004
Remote tunnel name is R3
  Internet address is 18.0.3.3
Local tunnel name is R1
  Internet address is 18.0.1.1
IP protocol 115
  Session is L2TP signaled
  Session state is established, time since change 00:08:38
    138 Packets sent, 138 received
    16230 Bytes sent, 16230 received
  Last clearing of counters never
  Counters, ignoring last clear:
    138 Packets sent, 138 received
    16230 Bytes sent, 16230 received
    Receive packets dropped:
      out-of-order:             0
      other:                    0
      total:                    0
    Send packets dropped:
      exceeded session MTU:     0
      other:                    0
      total:                    0
  DF bit off, ToS reflect disabled, ToS value 0, TTL value 255
  Sending UDP checksums are disabled
  Received UDP checksums are verified
  No session cookie information available
  FS cached header information:
    encap size = 24 bytes
    45000014 00000000 ff739373 12000101
    12000303 3cd35511
  Sequencing is off
  Conditional debugging is disabled
  SSM switch id is 12357, SSM segment id is 24698



This post first appeared on CCIE Service Provider Workbook, please read the originial post: here

Share the post

Overlay VPN task #1. Simple L2VPN.

×

Subscribe to Ccie Service Provider Workbook

Get updates delivered right to your inbox!

Thank you for your subscription

×