Case Study 5: Implementing Dynamic Layer 3 VPNs Using mGRE Tunnels

Case Study 5 Implementing Dynamic Layer 3 VPNs Using mGRE Tunnels

This case study delves into the implementation of dynamic Layer 3 VPNs using mGRE tunnels. Implementation of mGRE tunnels creates a multipoint tunnel network as an overlay to the IP backbone that interconnects the PE routers to transport VPN traffic. The multipoint tunnel uses BGP to distribute VPNv4 information between PE routers. The advertised next hop in BGP VPNv4 triggers tunnel endpoint discovery. Dynamic L3 VPN implementation over mGRE tunnels provides the ability for multiple SPs to cooperate and offer a joint VPN service with traffic tunneled directly from the ingress PE router at one service provider directly to the egress PE router at a different SP site.

When implementing dynamic Layer 3 VPNs over mGRE tunnels, the addition of new remote VPN peers is simplified because only the new router needs to be configured. The new address is learned dynamically and propagated to the other nodes in the network.

In Figure 14-33, Customer A Routers CE1-A, CE2-A, and CE3-A are to be connected using dynamic Layer 3 VPNs over mGRE tunnels, by the SP routers PE1-AS1, PE1-AS2, and PE1-AS3. Static PE to CE is configured for the Customer A CE routers. In addition, no MPLS is configured in the core transport network and all traffic between Customer A sites is propagated using mGRE tunnels between the PE routers in the SP network.

Figure 14-33. Case Study 5: Topology and basic configuration for Layer 3 VPN over mGRE

Figure 14-33 shows the base configuration of devices prior to the implementation of Layer 3 VPN over mGRE tunnels. All configurations on the PE routers are similar to regular static PE to CE configurations except no MPLS is enabled on the core interfaces; mGRE tunnels are configured next to enable route propagation between PE routers that belong to Customer A.

Configuring Layer 3 VPN over mGRE Tunnels

Figure 14-34 shows the flowchart for configuration of the PE routers in addition to the configuration shown in Figure 14-33. The steps in the flowchart are outlined here:

Step 1.

Configure an additional VRF to transport mGRE.

 

Step 2.

Configure a tunnel interface and assign it as part of the mGRE-associated VRF. Configure an IP address and a tunnel mode to be gre multipoint l3vpn. Also, configure the tunnel key.

 

Step 3.

Configure a default route for the mGRE VRF pointing to the tunnel interface.

 

Step 4.

Configure route-map to set the next-hop resolution to the mGRE VRF.

 

Step 5.

Associate the route-map inbound for VPNv4 routes learned from MP-BGP neighbors.

 

Figure 14-34. Case Study 5: Layer 3 VPN over mGRE Configuration Flowchart

Figure 14-35 shows the Layer 3 VPN over mGRE tunnels configuration for the PE1-AS1, PE2-AS1, and PE3-AS1 routers. The highlighted portion depicts the important configuration steps for implementation of Layer 3 VPN over mGRE tunnels.

Figure 14-35. Case Study 5: Layer 3 VPN over mGRE Configuration

 

Verifications for Case Study 5

The verifications for Case Study 5 are shown in Figure 14-36.

Figure 14-36. Case Study 5: Verifications

 

Final Configurations for Layer 3 VPN over mGRE Tunnels for PE Routers

Figure 14-37 shows the final configurations for PE Routers PE1-AS1, PE2-AS1, and PE3-AS1. Configurations for the P1-AS1 router and the CE routers remain the same as shown earlier in Figure 14-33.

Figure 14-37. Case Study 5: Final Configurations for PE1-AS1, PE2-AS1, and PE3-AS1

Категории