
Example 3-24. San Francisco CE Router Level 1 Only Routing Table

SanFrancisco(config)#router isis EuroBank
SanFrancisco(config-router)#is-type level-1

SanFrancisco# show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is 192.168.2.14 to network 0.0.0.0

196.7.25.0/32 is subnetted, 3 subnets

MPLS and VPN Architectures, Volume II By Jim Guichard, Ivan Pepelnjak, Jeff Apcar

Publisher: Cisco Press Pub Date: June 06, 2003

ISBN: 1-58705-112-5 Pages: 504

With MPLS and VPN Architectures, Volume II, you'll learn:

How to integrate various remote access technologies into the backbone providing VPN service to many different types of customers

The new PE-CE routing options as well as other advanced features, including per-VPN Network Address Translation (PE-NAT)

How VRFs can be extended into a customer site to provide separation inside the customer network

The latest MPLS VPN security features and designs aimed at protecting the MPLS VPN backbone

How to carry customer multicast traffic inside a VPN

The latest inter-carrier enhancements to allow for easier and more scalable deployment of inter-carrier MPLS VPN services

Advanced troubleshooting techniques including router outputs to ensure high availability

MPLS and VPN Architectures, Volume II, builds on the best-selling MPLS and VPN Architectures, Volume I (1-58705-002-1), from Cisco Press. Extending into more advanced topics and deployment architectures, Volume II provides readers with the necessary tools they need to deploy and maintain a secure, highly available VPN.

MPLS and VPN Architectures, Volume II, begins with a brief refresher of the MPLS VPN Architecture. Part II describes advanced MPLS VPN connectivity including the integration of service provider access technologies (dial, DSL, cable, Ethernet) and a variety of routing protocols (IS-IS, EIGRP, and OSPF), arming the reader with the knowledge of how to integrate these features into the VPN backbone. Part III details advanced deployment issues including security, outlining the necessary steps the service provider must take to protect the backbone and any attached VPN sites, and also detailing the latest security features to allow more advanced topologies and filtering. This part also covers multi-carrier MPLS VPN deployments. Finally, Part IV provides a methodology for advanced MPLS VPN troubleshooting.

MPLS and VPN Architectures, Volume II, also introduces the latest advances in customer integration, security, and troubleshooting features essential to providing the advanced

i ia 196.7.25.2 [115/20] via 192.168.2.14, Serial1/0
i L1 196.7.25.3 [115/10] via 192.168.2.14, Serial1/0
i ia 196.7.25.1 [115/20] via 192.168.2.14, Serial1/0
10.0.0.0/32 is subnetted, 1 subnets
C 10.2.1.1 is directly connected, Loopback0
192.168.2.0/30 is subnetted, 2 subnets
C 192.168.2.12 is directly connected, Serial1/0
i ia 192.168.2.24 [115/20] via 192.168.2.14, Serial1/0
i*L1 0.0.0.0/0 [115/10] via 192.168.2.14, Serial1/0

The output from Example 3-24 highlights a couple of interesting points. The first thing to notice is that the routes from other EuroBank sites are no longer Level 2 but ia (IS-IS interarea). This is because the CE router no longer holds a Level 2 database; it sees any routes that are not within the local site as interarea routes that are reachable via the PE router. These interarea routes are available due to a process known as route leaking, which will be discussed later in this chapter.

The second observation is that a default route that is pointing toward the PE router has been installed in the CE router's routing table. The Level 1 router uses this default route to indicate how to exit the area to reach destinations that are not local to the area.
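The two observations above (no Level 2 routes, and interarea routes plus a Level 1 candidate default that all point at the PE) can be checked mechanically against captured show ip route output. The following Python is an added example, not code from the book; the function names are hypothetical, the route lines are the entries of Example 3-24 laid out one per line, and the PE next hop 192.168.2.14 is the gateway of last resort shown there.

```python
import re

# Route entries copied from Example 3-24 (SanFrancisco CE, is-type level-1).
EXAMPLE_3_24 = """\
i ia 196.7.25.2 [115/20] via 192.168.2.14, Serial1/0
i L1 196.7.25.3 [115/10] via 192.168.2.14, Serial1/0
i ia 196.7.25.1 [115/20] via 192.168.2.14, Serial1/0
C 10.2.1.1 is directly connected, Loopback0
C 192.168.2.12 is directly connected, Serial1/0
i ia 192.168.2.24 [115/20] via 192.168.2.14, Serial1/0
i*L1 0.0.0.0/0 [115/10] via 192.168.2.14, Serial1/0
"""

# "i", optional "*" (candidate default), route kind, prefix, [distance/metric], next hop.
ISIS_ROUTE = re.compile(
    r"^i\s*(?P<default>\*)?\s*(?P<kind>L1|L2|ia)\s+(?P<prefix>\S+)\s+"
    r"\[(?P<distance>\d+)/(?P<metric>\d+)\]\s+via\s+(?P<next_hop>[\d.]+),\s*(?P<intf>\S+)"
)

def parse_isis_routes(text):
    """Return one dict per IS-IS route line; connected and header lines are skipped."""
    routes = []
    for line in text.splitlines():
        m = ISIS_ROUTE.match(line.strip())
        if m:
            route = m.groupdict()
            route["default"] = route["default"] == "*"
            route["metric"] = int(route["metric"])
            routes.append(route)
    return routes

def check_level1_only_ce(text, pe_next_hop):
    """Return findings; an empty list means the table looks like a Level 1 only CE."""
    routes = parse_isis_routes(text)
    findings = []
    for r in routes:
        if r["kind"] == "L2":
            findings.append(f"Level 2 route present: {r['prefix']}")
        # Interarea and default routes must exit the area through the PE.
        if (r["kind"] == "ia" or r["default"]) and r["next_hop"] != pe_next_hop:
            findings.append(f"{r['prefix']} exits via {r['next_hop']}, not the PE")
    if not any(r["default"] and r["kind"] == "L1" for r in routes):
        findings.append("no Level 1 candidate default route")
    if not any(r["kind"] == "ia" for r in routes):
        findings.append("no interarea (leaked) routes")
    return findings

if __name__ == "__main__":
    print(check_level1_only_ce(EXAMPLE_3_24, "192.168.2.14") or "OK")
```

Run against a Level 2 only CE table such as the one in Example 3-26, the same check reports the Level 2 route and the missing default and interarea routes, which is the expected difference between the two designs.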

Level 2 PE Router to CE Router Connectivity

Our second example concentrates on the FastFoods VPN, which has sites in San Jose and Lyon, France, as illustrated in Figure 3-12. This type of connectivity requires some additional configuration from that in Example 3-15 because the default IS type needs to be changed to Level 2 only. This can be achieved by using the is-type level-2-only command within the IS-IS process configuration.

Figure 3-12. FastFoods Level 2 IS-IS Topology

As in the Level 1-2 example, you can view the topology of the routers within the FastFoods San Jose site by using the show isis topology command. You can view the adjacency formation by using the show clns neighbors command, as shown in Example 3-25.

Example 3-25. FastFoods Level 2 IS-IS Topology

SanJosePE# show isis topology

Area FastFoods:
IS-IS paths to level-2 routers
System Id    Metric  Next-Hop     Interface  SNPA
SanJoseCE    10      SanJoseCE    Se3/0/1    *HDLC*
SanJosePE    --

SanJosePE# show clns neighbor

Area FastFoods:
System Id    Interface  SNPA     State  Holdtime  Type  Protocol
SanJoseCE    Se3/0/1    *HDLC*   Up     27        L2    IS-IS

SanJosePE# show clns neighbor detail

Area FastFoods:
System Id    Interface  SNPA     State  Holdtime  Type  Protocol
SanJoseCE    Se3/0/1    *HDLC*   Up     29        L2    IS-IS
  Area Address(es): 47.3456
  IP Address(es): 192.168.2.18*
  Uptime: 00:37:57

The FastFoods VPN only has a Level 2 database. Example 3-26 shows the IS-IS database information for the San Jose CE router, as well as its routing table built from this database.

This output shows all the local prefix information, but it does not include remote FastFoods site routes because redistribution to/from the MPLS/VPN backbone has yet to be configured.

Example 3-26. FastFoods Level 2 IS-IS Database

SanJoseCE# show isis database detail

IS-IS Level-2 Link State Database:
LSPID              LSP Seq Num  LSP Checksum  LSP Holdtime  ATT/P/OL
SanJoseCE.00-00  * 0x0000000E   0xBDBD        487           0/0/0
  Area Address: 47.3456
  NLPID: 0xCC
  Hostname: SanJoseCE
  IP Address: 195.12.2.1
  Metric: 10 IS-Extended SanJosePE.00
  Metric: 0 IP 195.12.2.1/32
  Metric: 10 IP 192.168.2.16/30
SanJosePE.00-00    0x0000000E   0x34C8        727           0/0/0
  Area Address: 47.0001.0194
  Area Address: 47.3456
  NLPID: 0xCC
  Hostname: SanJosePE
  IP Address: 195.12.2.2
  Metric: 10 IS-Extended SanJoseCE.00
  Metric: 0 IP 195.12.2.2/32
  Metric: 10 IP 192.168.2.16/30

SanJoseCE# show ip route

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set

195.12.2.0/32 is subnetted, 2 subnets
C 195.12.2.1 is directly connected, Loopback0
i L2 195.12.2.2 [115/10] via 192.168.2.17, Serial1/1
192.168.2.0/30 is subnetted, 1 subnets
C 192.168.2.16 is directly connected, Serial1/1

For the San Jose CE router to learn routes from other FastFoods sites, redistribution from IS-IS to Multiprotocol BGP and from Multiprotocol BGP to IS-IS must be configured at the San Jose PE router. After this redistribution has been completed and all relevant routes have been distributed between the San Jose and Paris PE routers, the San Jose CE router can see all remote sites via a Level 2 route, as shown in Example 3-27.