TEST BANK FOR Advanced MPLS and VPN (AMVS) 1.0 By Pepelnjak, Ivan, Guichard, Jim

ADVANCED MPLS VPN SOLUTIONS 1-1
Overview 1-1
Course Objectives 1-2
Course Objectives – Implementation 1-3
Course Objectives – Solutions 1-4
Prerequisites 1-5
Participant Role 1-7
General Administration 1-9
Sources of Information 1-10
MPLS VPN TECHNOLOGY 2-1
Overview 2-1
Objectives 2-1
Introduction to Virtual Private Networks 2-2
Objectives 2-2
Summary 2-8
Review Questions 2-8
Overlay and Peer-to-Peer VPN 2-9
Objectives 2-9
Overlay VPN Implementations 2-13
Summary 2-23
Review Questions 2-24
Major VPN Topologies 2-25
Objectives 2-25
VPN Categorizations 2-25
Summary 2-38
Review Questions 2-38
MPLS VPN Architecture 2-39
Objectives 2-39
Summary 2-60
Review Questions 2-61
MPLS VPN Routing Model 2-62
Objectives 2-62
Summary 2-78
Review Questions 2-78
MPLS VPN Packet Forwarding 2-79
Objectives 2-79
Summary 2-91
Review Questions 2-91
Lesson Summary 2-92
Answers to Review Questions 2-93
Introduction to Virtual Private Networks 2-93
Overlay and Peer-to-Peer VPN 2-93
vi Advanced MPLS VPN Solutions Copyright  2000, Cisco Systems, Inc.
Major VPN Topologies 2-94
MPLS VPN Architecture 2-94
MPLS VPN Routing Model 2-95
MPLS VPN Packet Forwarding 2-96
MPLS/VPN CONFIGURATION ON IOS PLATFORMS 3-1
Overview 3-1
Objectives 3-1
MPLS/VPN Mechanisms in Cisco IOS 3-2
Objectives 3-2
Summary 3-16
Review Questions 3-16
Configuring Virtual Routing and Forwarding Table 3-17
Objectives 3-17
Summary 3-26
Review Questions 3-26
Configuring a Multi-Protocol BGP Session Between the PE Routers 3-27
Objectives 3-27
Summary 3-43
Review Questions 3-43
Configuring Routing Protocols Between PE and CE Routers 3-44
Objectives 3-44
Summary 3-55
Review Questions 3-55
Monitoring MPLS/VPN Operation 3-56
Objectives 3-56
Summary 3-82
Review Questions 3-82
Troubleshooting MPLS/VPN 3-83
Objectives 3-83
Summary 3-100
Review Questions 3-100
Advanced VRF Import/Export Features 3-101
Objectives 3-101
Summary 3-115
Review Questions 3-115
Advanced PE-CE BGP Configuration 3-116
Objectives 3-116
Summary 3-134
Review Questions 3-134
USING OSPF IN AN MPLS VPN ENVIRONMENT 4-1
Overview 4-1
Objectives 4-1
Using OSPF as the PE-CE Protocol in an MPLS VPN Environment 4-2
Objectives 4-2
Summary 4-26
Review Questions 4-26
Configuring and Monitoring OSPF in an MPLS VPN Environment 4-27
Objectives 4-27
Summary 4-35
Review Questions 4-35
Copyright  2000, Cisco Systems, Inc. Advanced MPLS VPN Solutions vii
Summary 4-36
Answers to Review Questions 4-37
Using OSPF as the PE-CE Protocol in an MPLS VPN Environment 4-37
Configuring and Monitoring OSPF in an MPLS VPN Environment 4-37
Volume 2
MPLS VPN TOPOLOGIES 5-1
Overview 5-1
Objectives 5-1
Simple VPN with Optimal Intra-VPN Routing 5-2
Objectives 5-2
Summary 5-17
Review Questions 5-17
Using BGP as the PE-CE Routing Protocol 5-18
Objectives 5-18
Summary 5-23
Review Questions 5-23
Overlapping Virtual Private Networks 5-24
Objectives 5-24
Summary 5-33
Review Questions 5-33
Central Services VPN Solutions 5-34
Objectives 5-34
Summary 5-47
Review Questions 5-47
Hub-andSpoke VPN Solutions 5-48
Objectives 5-48
Summary 5-54
Review Questions 5-54
Managed CE-Router Service 5-55
Objectives 5-55
Summary 5-60
Review Questions 5-60
Chapter Summary 5-60
INTERNET ACCESS FROM A VPN 6-1
Overview 6-1
Objectives 6-1
Integrating Internet Access with the MPLS VPN Solution 6-2
Objectives 6-2
Summary 6-16
Review Questions 6-16
Design Options for Integrating Internet Access with MPLS VPN 6-17
Objectives 6-17
Summary 6-23
Review Questions 6-23
Leaking Between VPN and Global Backbone Routing 6-24
Objectives 6-24
Usability of Packet Leaking for Various Internet Access Services 6-32
Redundant Internet Access with Packet Leaking 6-36
Summary 6-38
Review Questions 6-38
viii Advanced MPLS VPN Solutions Copyright  2000, Cisco Systems, Inc.
Separating Internet Access from VPN Service 6-39
Objectives 6-39
Usability of Separated Internet Access for Various Internet
Access Services 6-44
Summary 6-46
Review Questions 6-46
Internet Access Backbone as a Separate VPN 6-47
Objectives 6-47
Usability of Internet in a VPN Solution for Various Internet
Access Services 6-52
Summary 6-56
Review Questions 6-57
Chapter Summary 6-57
MPLS VPN DESIGN GUIDELINES 7-1
Overview 7-1
Objectives 7-1
Backbone and PE-CE Link Addressing Scheme 7-2
Objectives 7-2
Summary 7-15
Review Questions 7-16
Backbone IGP Selection and Design 7-17
Objectives 7-17
Summary 7-30
Review Questions 7-31
Route Distinguisher and Route Target Allocation Schemes 7-32
Objective 7-32
Summary 7-37
Review Questions 7-37
End-to-End Convergence Issues 7-38
Objectives 7-38
Summary 7-52
Review Questions 7-52
Chapter Summary 7-53
Answers to Review Questions 7-54
Backbone and PE-CE Link Addressing Scheme 7-54
Backbone IGP Selection and Design 7-55
Route Distinguisher and Route Target Allocation Scheme 7-56
End-to-End Convergence Issues 7-56
LARGE-SCALE MPLS VPN DEPLOYMENT 8-1
Overview 8-1
Objectives 8-1
MP-BGP Scalability Mechanisms 8-2
Objectives 8-2
Summary 8-12
Review Questions 8-12
Partitioned Route Reflectors 8-13
Objectives 8-13
Summary 8-28
Review Questions 8-28
Chapter Summary 8-29
Copyright  2000, Cisco Systems, Inc. Advanced MPLS VPN Solutions ix
MPLS VPN MIGRATION STRATEGIES 9-1
Overview 9-1
Objective 9-1
Infrastructure Migration 9-2
Objective 9-2
Summary 9-9
Review Questions 9-9
Customer Migration to MPLS VPN service 9-10
Objective 9-10
Generic Customer Migration Strategy 9-11
Migration From Layer-2 Overlay VPN 9-13
Migration from GRE Tunnel-Based VPN 9-16
Migration from IPSec-Based VPN 9-19
Migration from L2F-Based VPN 9-20
Migration From Unsupported PE-CE Routing Protocol 9-22
Summary 9-26
Review Questions 9-26
Chapter Summary 9-26
INTRODUCTION TO LABORATORY EXERCISES A-1
Overview A-1
Physical And Logical Connectivity A-2
IP Addressing Scheme A-5
Initial BGP Design A-7
Notes Pages A-8
LABORATORY EXERCISES—FRAME-MODE MPLS CONFIGURATION B-1
Overview B-1
Laboratory Exercise B-1: Basic MPLS Setup B-2
Objectives B-2
Command list B-2
Task 1: Configure MPLS in your backbone B-2
Task 2: Remove BGP from your P-routers B-2
Verification: B-3
Review Questions B-4
Laboratory Exercise B-2: Disabling TTL Propagation B-5
Objective B-5
Command list B-5
Task: Disable IP TTL Propagation B-5
Verification B-5
Laboratory Exercise B-3: Conditional Label Advertising B-6
Objective B-6
Command list B-6
Task: Configure Conditional Label Advertising B-6
Verification B-6
Review Questions B-7
x Advanced MPLS VPN Solutions Copyright  2000, Cisco Systems, Inc.
LABORATORY EXERCISES—MPLS VPN IMPLEMENTATION C-1
Overview C-1
Laboratory Exercise C-1: Initial MPLS VPN Setup C-2
Objectives C-2
Background Information C-2
Command list C-3
Task 1: Configure multi-protocol BGP C-3
Task 2: Configure Virtual Routing and Forwarding Tables C-4
Additional Objective C-5
Task 3: Configuring Additional CE routers C-5
Verification C-6
Laboratory Exercise C-2: Running OSPF Between PE and CE Routers C-9
Objectives C-9
Visual Objective C-9
Command list C-10
Task 1: Configure OSPF on CE routers C-10
Task 2: Configure OSPF on PE routers C-10
Verification C-11
Task 3: Configure OSPF connectivity with additional CE routers C-11
Verification C-12
Laboratory Exercise C-3: Running BGP Between the PE and CE Routers C-13
Objectives C-13
Background Information C-13
Command list C-14
Task 1: Configure Additional PE-CE link C-14
Task 2: Configure BGP as the PE-CE routing protocol C-14
Verification C-15
Task 3: Select Primary and Backup Link with BGP C-16
Verification: C-16
Task 4: Convergence Time Optimization C-17
Verification C-17
LABORATORY EXERCISES—MPLS VPN TOPOLOGIES D-1
Overview D-1
Laboratory Exercise D-1: Overlapping VPN Topology D-2
Objective D-2
Visual Objective D-2
Command list D-3
Task 1: Design your VPN solution D-4
Task 2: Remove WGxA1/WGxB1 from existing VRFs D-4
Task 3: Configure new VRFs for WGxA1 and WGxB1 D-4
Verification: D-4
Laboratory Exercise D-2: Common Services VPN D-8
Objective D-8
Background Information D-9
Command list D-10
Task 1: Design your Network Management VPN D-10
Task 2: Create Network Management VRF D-10
Verification D-11
Task 3: Establish connectivity between NMS VRF and other VRFs D-11
Verification D-11
Task 4: Establish routing between WGxPE2 and the NMS router D-12
Copyright  2000, Cisco Systems, Inc. Advanced MPLS VPN Solutions xi
Verification D-13
Laboratory Exercise D-3: Internet Connectivity Through Route Leaking D-14
Objective D-14
Visual Objective D-14
Command list D-15
Task 1: Cleanup from the previous VPN exercises D-15
Task 2: Configure route leaking between customer VPN and
the Internet D-15
Verification D-16
Additional exercise: Fix intra-VPN routing D-17
Laboratory Exercise D-4: Separate Interface for Internet Connectivity D-18
Objective D-18
Visual Objective D-19
Command list D-20
Task 1: Cleanup from the previous exercise D-20
Verification D-21
Task 2: Establishing connectivity in the global routing table D-21
Task 3: Routing between the PE-router and the CE-router D-21
Verification D-22
Laboratory Exercise D-5: Internet in a VPN D-23
Objective D-23
Visual Objective D-23
Command list D-24
Task 1: Design your Internet VPN D-24
Task 2: Migrate Internet routers in a VPN D-24
Verification D-25
Additional Task: Direct Internet connectivity for all CE-routers D-26
Verification D-26
INITIAL LABORATORY CONFIGURATION E-1
Overview E-1
Laboratory Exercise E-1: Initial Core Router Configuration E-2
Objective E-2
Task: Configure Initial Router Configuration E-2
Verification E-3
Laboratory Exercise E-2: Initial Customer Router Configuration E-4
Objective E-4
Task: Configure Customer Routers E-4
Verification E-5
Laboratory Exercise E-3: Basic ISP Setup E-6
Objective E-6
Task 1: Configure IS-IS in your backbone E-6
Task 2: Configure BGP in your backbone E-6
Task 3: Configure Customer Routing E-6
Task 4: Peering with other Service Providers E-7
Task 5: Establishing Network Management Connectivity E-7
Verification E-7
INITIAL ROUTER CONFIGURATION F-1
Overview F-1
Router WGxPE1 F-2
Router WGxPE2 F-4
xii Advanced MPLS VPN Solutions Copyright  2000, Cisco Systems, Inc.
Router WGxPE3 F-6
Router WGxPE4 F-8
Router WGxP F-10
Router WGxA1 F-12
Router WGxA2 F-14
Router WGxB1 F-15
Router WGxB2 F-17
5
MPLS VPN Topologies
Overview
This chapter describes the most commonly used MPLS VPN topologies and the
design and implementation issues associated with them.
It includes the following topics:
Simple VPN with optimal Intra-VPN routing
Using BGP as the PE-CE routing protocol
Overlapping Virtual Private Networks
Central Services VPN solutions
Hub-and-Spoke VPN solutions
Managed CE Router Service
Objectives
Upon completion of this chapter, you will be able to perform the following tasks:
Design and implement simple VPN solutions with optimal intra-VPN routing
Design and implement various routing protocols within VPNs
Design and implement central services VPN topologies
Design and implement hub-and-spoke VPN topologies
Design and implement VPN topology required for managed router services
5-2 Advanced MPLS VPN Solutions Copyright  2000, Cisco Systems, Inc.
Simple VPN with Optimal Intra-VPN Routing
Objectives
Upon completion of this section, you will be able to perform the following tasks:
Describe the requirements of simple VPN solutions
Describe the routing model of these solutions
Describe the optimal intra-VPN routing data flow
Select the optimal PE-CE routing protocol based on user requirements
Integrate the selected PE-CE routing protocol with the MPLS VPN backbone
MP-BGP routing
Copyright  2000, Cisco Systems, Inc. MPLS VPN Topologies 5-3
© 2000, Cisco Systems, Inc. www.cisco.com Chapter 1-5
MPLS
backbone
Simple VPN
Requirements Summary
• Any site router can talk to any other site
• Optimum routing across P-network is desired
P-network
PE-1 PE-2
CE-Spoke
CE-Spoke
CE-Spoke
CE-Spoke
In contrast with other VPN technologies, MPLS VPN supports optimum any-toany
connectivity between customer sites (equivalent to the full mesh of overlay
VPN networks) without the end customer having to manually configure anything.
The provider only needs to configure the VPN in the Provider Edge (PE) routers.
The so-called “hub-and-spoke” topology, which was primarily used to reduce the
cost of the network, is no longer needed. The interconnection of CE sites is done
automatically by using BGP and an IGP to find the shortest path.
5-4 Advanced MPLS VPN Solutions Copyright  2000, Cisco Systems, Inc.
© 2000, Cisco Systems, Inc. www.cisco.com Chapter 1-6
Simple VPN
Routing and Data Flow
• Each site needs to reach every other site in
the same VPN
• Each VRF belonging to simple VPN contains all
VPN routes
• The sites use default route or have full routing
knowledge of all other sites of same VPN
• Data flow is optimal in the backbone
• Routing between PE routers is done based on
MP-BGP Next-Hop closest to the destination
• No site is used as central point for
connectivity
MPLS VPN architecture by default provides optimal routing between CE sites. A
CE site can have full internal routing for its VPN or just a default route pointing
to the PE router. The PE routers, however, need to have full routing information
for the MPLS VPN network in order to provide connectivity and optimal routing.
A MP-BGP next-hop address is used to find a label for a VPN destination
network and the backbone IGP provides the optimal routing towards the next-hop
address.
Copyright  2000, Cisco Systems, Inc. MPLS VPN Topologies 5-5
© 2000, Cisco Systems, Inc. www.cisco.com Chapter 1-7
MPLS
backbone
Simple VPN - Routing
Information Propagation
P-network
PE-1 PE-2
CE-Spoke
CE-Spoke
CE-Spoke
CE-Spoke
• CE routers announce the customer routes to the PE routes
• Customer routes are redistributed into MP-BGP
• VPNv4 routes are propagated across P-network with the BGP next-hop
of the ingress PE router (PE-1)
• VPNv4 routes are inserted into target VRF based on route-target and
redistributed back into the customer routing protocol
• Customer routes are propagated to other CE routers
When a Customer Edge (CE) router announces a network through an IGP, the PE
router will redistribute and export it into Multiprotocol BGP, converting an IPv4
address into a VPNv4 address. The following list contains the most significant
changes that happen with redistribution and export:
IPv4 Network Layer Reachability Information (NLRI) is converted into
VPNv4 NLRI by pre-pending a route distinguisher (for example, a route
distinguisher 12:13 could be prepended to an IPv4 prefix 10.0.0.0/8 resulting
in a VPNv4 prefix 12:13:10:10.0.0.0/8)
Note NLRI is a BGP term for a prefix (address and subnet mask)
VPNv4 NLRI also contains a label that will be used to identify the outgoing
interface or the VRF where a routing lookup should be performed
A route target extended community is added based on the VRF configuration
The PE router will forward VPN