Case Study - wh.cs.vsb.czwh.cs.vsb.cz/sps/images/6/6a/TPS-CaseStudy-1617L-v2.pdfAdvanced Computer...
12
Advanced Computer Networks Summer term 2016/17 Petr Grygárek Case Study Network Configuration
Transcript of Case Study - wh.cs.vsb.czwh.cs.vsb.cz/sps/images/6/6a/TPS-CaseStudy-1617L-v2.pdfAdvanced Computer...
Advanced Computer NetworksSummer term 2016/17
Petr Grygárek
Case Study
Network Configuration
Internet IPv4 + IPv6
PEinet
Psp Service Provider s MPLS/IPv4 coreIGP1 process 1 + LDP
+ router loopbacks
Corporate WAN MPLS/IPv4 coreIGP2 process 2 + LDP
+ router loopbacks
PEwan1 PEwan2
Overview
R1 R2
Pwan
PEwan0
PEsp1 PEsp2
PEinet interface Loopback 789
7.8.9.1/24, 2001:7:8:9::1/64
simulates IPv4 and IPv6 Internet
VRF A
VRF B
VRF A
VRF B
VRF C
Global Global
AS 65002
AS 65001
AS 789
VRF A
L2
VRF A
L2VRF B VRF B
VRF A VRF B VRF A VRF B
Global
Global VRF B Global VRF B
VRF A VRF B VRF A VRF B
ACLACL
interface Loopback 77
77.77.77.1 255.255.255.0
2001:77:77:77::1/64
Psp
Service Provider Core
Corporate WAN MPLS/IPv4 core
Pwan
PEwan1 PEwan2
PEwan0
PEinet
Physical Topology
in Virl
PEsp1 PEsp2
R2
g0/1
g0/1
g0/2
g0/2
g0/2
g0/3
g0/1g0/1
g0/3g0/3
g0/4 g0/4
g0/1
VRF A
g0/2
VRF B
R1
g0/1
VRF A
g0/2
VRF B
g0/1 g0/1
g0/2 g0/2
g0/1
g0/1
g0/2 g0/3
eth1
eth1 eth1
eth1
PEwanX
VRF A
VRF A
VRF B
VRF B BGP AS 6510x
BGP AS 65002
Branch Office Infra
(drawing for branch office X, same topology in all branches)
Rx
OSPF/OSPFv3 area X
OSPF/OSPFv3 process X0
Separate transport BGP
sessions for IPv4 and IPv6
PEwan1
VRF AVRF B
PEwan2
VRF AVRF B
VRF C
i/e
PEwan0
Corporate WAN MPLS/IPv4 core
IGP2 process 2 + LDP
AS 65002 Pwan
BGP Route Reflector
IPv4 L3 MPLS/VPN WAN / 6VPE
loopback 777
77.77.77.1/24
2001:77:77:77::1/64
RD 65002:777
RT export 65002:1
RT import 65002:2
redistribute BGP<->OSPF redistribute BGP<->OSPF
PMPLS/IPv4 core
IGP1 process 1 + LDP
PEsp1 PEsp2
VLAN tag
VAAX
VLAN tag
VAAY
g0/3.VAAYg0/3.VAAX
VRF A VRF A
g0/1.VAAX g0/1.VAAY
VRF A Backup over AToM PW
R1 R2
floating static routes
to segments
in other branch
office 2
floating static routes
to segments
in other branch
office 1
OSPF with PEwan1 OSPF with PEwan1
MPLS i/e
in Corporate WAN,
IBGP<->OSPF
redistribution
P
PEsp1 PEsp2
VLAN tag
VAAX
VLAN tag
VAAY
g0/3.VAAYg0/3.VAAX
VRF T VRF T
ga0/1.VAAY
VRF A VRF A
i/e i/e
ga0/1.VAAX
AToM VRF A Backup – via VRF T
R1 R2
OSPF with PEwan1 OSPF with PEwan1
MPLS i/e
in Corporate WAN,
IBGP<->OSPF
redistribution
floating static routes
to segments
in other branch
office 2
floating static routes
to segments
in other branch
office 1
MPLS/IPv4 core
IGP1 process 1 + LDP
R1
Internet
PEinet
Psp
Lo 789
7.8.9.1/24
2001:7:8:9::1/64
Static default route from VRF A via global
Static route from global to VRF A local server subnet
g0/3.VG
static
0/0
::0
PEsp1 PEsp2
Service Provider s MPLS/IPv4 core
IGP1 process 1 + LDP
VRF A
Global
static to
VRF A
server
subnet
0/0
::0
BGP-free core / 6PE
Internet access for VRF A
R2
IPv4/IPv6 static routes to
VRF A subnets behind R1g0/1.VG
VRF A routes
not known on Psp
AS 65001
Global Global
VRF A
Global
Global
No routes passed between PEsp1 and PEsp2 because of IBGP-IBGP
route passing rules
No IBGP session between
PEsp1 and PEsp2
PEsp1 PEsp2
Service Provider s MPLS/IPv4 core
VRF B VRF B
VRF B VRF B
GRE/IPSec
IKE phase 1: authentication pre-shared keys
Specify rest of IKE phase1 + phase 2 parameters by yourselves.
Use IPSec tunnel mode (default).
Use router loopbacks for tunnel source/destination.
Pwan
IPSec/GRE VRF B Backup &
Internet connectivity via IPSec/GRE tunnels
R1 R2
Internet
PEinet
Lo 789
7.8.9.1/24
2001:7:8:9::1/64
WANCore BGP Route Reflector
IBGP via L3
MPLS/VPNIBGP via L3
MPLS/VPN
static static
PEwan1 PEwan2
VRF B VRF B
g0/1.VBB
g0/3.VBB
g0/1.VBB
g0/3.VBB
static
0/0
::0
0/0
::0
Global
PEsp1 PEsp2
Service Provider s MPLS/IPv4 core
VRF B VRF B
VRF B VRF B
Pwan
IPSec/GRE VRF B Backup &
Internet connectivity via DMVPN
R1 R2
Internet
PEinet
Lo 789
7.8.9.1/24
2001:7:8:9::1/64
WANCore BGP Route Reflector
IBGP via L3
MPLS/VPNIBGP via L3
MPLS/VPNPEwan1 PEwan2
VRF B VRF B
g0/1.VBB
g0/3.VBB
g0/1.VBB
g0/3.VBB
static
to local
server
subnet
0/0
::/0
0/0
::/0
DMVPN Spoke
tun100 multipoint
DMVPN Hub
tun100 multipoint
DMVPN Spoke
tun100 multipoint
Redistribute static->RIP
DMVPN
connecting
subnet
/24 / /164
RIPv2 / RIPNG
static
to local
server
subnet
Redstribute connected
loopback 789 -> RIP
Redistribute static->RIP
Use infrastructure loopbacks
for tunnel source/destination
IKE phase 1: authentication pre-share
IKE phase 2: ESP
Global
PEsp1 PEsp2
Service Provider s MPLS/IPv4 core
Tun200 multipoint
2002:<loIP>:pppp::1/64
6to4:
Tun200 multipoint
2002:<loIP>:pppp::1/64Use infrastructure loopbacks for tunnel source/destination
6to4 Backup
and Internet VRF B
Internet
PEinet
Lo 789
2001:7:8:9::1/64
VRF BVRF B
Tun200 multipoint
2002:<loIP>:pppp::1/64
VRF B VRF B
R1 R2
static static
interface tunnel200
tunnel mode ipv6ip 6to4
ipv6 address 2002:<Lo1IP>:pppp::1/64
ipv6 route <others side VRF B server segment> <PEspXLoopbackIP>:cccc::1
ipv6 route ::/0 2002:<PEinet-InfraLoopbackIP>:pppp::1
::/0
static
to local
server
subnet
::/0
static
to local
server
subnetg0/1.VBB
g0/3.VBB
g0/1.VBB
g0/3.VBB
PwanWANCore BGP Route Reflector
IBGP via L3
MPLS/VPN
IBGP via L3
MPLS/VPN
PEwan1 PEwan2
VRF B VRF B
Global
PEsp1 PEsp2
Service Provider s MPLS/IPv4 core
Tun 202
multipointTun 202
multipoint
ISATAP Backup
and Internet VRF B
Internet
PEinet
Lo 789
2001:7:8:9::1/64
VRF BVRF B
VRF B VRF B
R1 R2
static static
Tun 202
multipoint
Use infrastructure loopbacks for tunnel source/destination
interface tunnel202
tunnel mode ipv6ip isatap
ipv6 address 2001:EEEE::<localLoIP>/64
ipv6 route <others side VRF B server segment> 2001:EEEE::5EFE:<PEspXLoIP>
ipv6 route ::/0 2001:xxxx::5EFE:<PEinetLoIP>
g0/1.VBB
g0/3.VBB
g0/1.VBB
g0/3.VBB
::/0
static
to local
server
subnet
::/0
static
to local
server
subnet
site prefix 2001:xxxx::/32
PwanWANCore BGP Route Reflector
IBGP via L3
MPLS/VPN
IBGP via L3
MPLS/VPN
PEwan1 PEwan2
VRF B VRF B
Global
