Exam (elaborations) TEST BANK FOR Advanced MPLS and VPN (AMVS) 1.0 By Pepelnjak, Ivan, Guichard, Jim (Student Guide Volume 2)

ADVANCED MPLS VPN SOLUTIONS 1-1 Overview 1-1 Course Objectives 1-2 Course Objectives – Implementation 1-3 Course Objectives – Solutions 1-4 Prerequisites 1-5 Participant Role 1-7 General Administration 1-9 Sources of Information 1-10 MPLS VPN TECHNOLOGY 2-1 Overview 2-1 Objectives 2-1 Introduction to Virtual Private Networks 2-2 Objectives 2-2 Summary 2-8 Review Questions 2-8 Overlay and Peer-to-Peer VPN 2-9 Objectives 2-9 Overlay VPN Implementations 2-13 Summary 2-23 Review Questions 2-24 Major VPN Topologies 2-25 Objectives 2-25 VPN Categorizations 2-25 Summary 2-38 Review Questions 2-38 MPLS VPN Architecture 2-39 Objectives 2-39 Summary 2-60 Review Questions 2-61 MPLS VPN Routing Model 2-62 Objectives 2-62 Summary 2-78 Review Questions 2-78 MPLS VPN Packet Forwarding 2-79 Objectives 2-79 Summary 2-91 Review Questions 2-91 Lesson Summary 2-92 Answers to Review Questions 2-93 Introduction to Virtual Private Networks 2-93 Overlay and Peer-to-Peer VPN 2-93 vi Advanced MPLS VPN Solutions Copyright  2000, Cisco Systems, Inc. Major VPN Topologies 2-94 MPLS VPN Architecture 2-94 MPLS VPN Routing Model 2-95 MPLS VPN Packet Forwarding 2-96 MPLS/VPN CONFIGURATION ON IOS PLATFORMS 3-1 Overview 3-1 Objectives 3-1 MPLS/VPN Mechanisms in Cisco IOS 3-2 Objectives 3-2 Summary 3-16 Review Questions 3-16 Configuring Virtual Routing and Forwarding Table 3-17 Objectives 3-17 Summary 3-26 Review Questions 3-26 Configuring a Multi-Protocol BGP Session Between the PE Routers 3-27 Objectives 3-27 Summary 3-43 Review Questions 3-43 Configuring Routing Protocols Between PE and CE Routers 3-44 Objectives 3-44 Summary 3-55 Review Questions 3-55 Monitoring MPLS/VPN Operation 3-56 Objectives 3-56 Summary 3-82 Review Questions 3-82 Troubleshooting MPLS/VPN 3-83 Objectives 3-83 Summary 3-100 Review Questions 3-100 Advanced VRF Import/Export Features 3-101 Objectives 3-101 Summary 3-115 Review Questions 3-115 Advanced PE-CE BGP Configuration 3-116 Objectives 3-116 Summary 3-134 Review Questions 3-134 USING OSPF IN AN MPLS VPN ENVIRONMENT 4-1 Overview 4-1 Objectives 4-1 Using OSPF as the PE-CE Protocol in an MPLS VPN Environment 4-2 Objectives 4-2 Summary 4-26 Review Questions 4-26 Configuring and Monitoring OSPF in an MPLS VPN Environment 4-27 Objectives 4-27 Summary 4-35 Review Questions 4-35 Copyright  2000, Cisco Systems, Inc. Advanced MPLS VPN Solutions vii Summary 4-36 Answers to Review Questions 4-37 Using OSPF as the PE-CE Protocol in an MPLS VPN Environment 4-37 Configuring and Monitoring OSPF in an MPLS VPN Environment 4-37 Volume 2 MPLS VPN TOPOLOGIES 5-1 Overview 5-1 Objectives 5-1 Simple VPN with Optimal Intra-VPN Routing 5-2 Objectives 5-2 Summary 5-17 Review Questions 5-17 Using BGP as the PE-CE Routing Protocol 5-18 Objectives 5-18 Summary 5-23 Review Questions 5-23 Overlapping Virtual Private Networks 5-24 Objectives 5-24 Summary 5-33 Review Questions 5-33 Central Services VPN Solutions 5-34 Objectives 5-34 Summary 5-47 Review Questions 5-47 Hub-andSpoke VPN Solutions 5-48 Objectives 5-48 Summary 5-54 Review Questions 5-54 Managed CE-Router Service 5-55 Objectives 5-55 Summary 5-60 Review Questions 5-60 Chapter Summary 5-60 INTERNET ACCESS FROM A VPN 6-1 Overview 6-1 Objectives 6-1 Integrating Internet Access with the MPLS VPN Solution 6-2 Objectives 6-2 Summary 6-16 Review Questions 6-16 Design Options for Integrating Internet Access with MPLS VPN 6-17 Objectives 6-17 Summary 6-23 Review Questions 6-23 Leaking Between VPN and Global Backbone Routing 6-24 Objectives 6-24 Usability of Packet Leaking for Various Internet Access Services 6-32 Redundant Internet Access with Packet Leaking 6-36 Summary 6-38 Review Questions 6-38 viii Advanced MPLS VPN Solutions Copyright  2000, Cisco Systems, Inc. Separating Internet Access from VPN Service 6-39 Objectives 6-39 Usability of Separated Internet Access for Various Internet Access Services 6-44 Summary 6-46 Review Questions 6-46 Internet Access Backbone as a Separate VPN 6-47 Objectives 6-47 Usability of Internet in a VPN Solution for Various Internet Access Services 6-52 Summary 6-56 Review Questions 6-57 Chapter Summary 6-57 MPLS VPN DESIGN GUIDELINES 7-1 Overview 7-1 Objectives 7-1 Backbone and PE-CE Link Addressing Scheme 7-2 Objectives 7-2 Summary 7-15 Review Questions 7-16 Backbone IGP Selection and Design 7-17 Objectives 7-17 Summary 7-30 Review Questions 7-31 Route Distinguisher and Route Target Allocation Schemes 7-32 Objective 7-32 Summary 7-37 Review Questions 7-37 End-to-End Convergence Issues 7-38 Objectives 7-38 Summary 7-52 Review Questions 7-52 Chapter Summary 7-53 Answers to Review Questions 7-54 Backbone and PE-CE Link Addressing Scheme 7-54 Backbone IGP Selection and Design 7-55 Route Distinguisher and Route Target Allocation Scheme 7-56 End-to-End Convergence Issues 7-56 LARGE-SCALE MPLS VPN DEPLOYMENT 8-1 Overview 8-1 Objectives 8-1 MP-BGP Scalability Mechanisms 8-2 Objectives 8-2 Summary 8-12 Review Questions 8-12 Partitioned Route Reflectors 8-13 Objectives 8-13 Summary 8-28 Review Questions 8-28 Chapter Summary 8-29 Copyright  2000, Cisco Systems, Inc. Advanced MPLS VPN Solutions ix MPLS VPN MIGRATION STRATEGIES 9-1 Overview 9-1 Objective 9-1 Infrastructure Migration 9-2 Objective 9-2 Summary 9-9 Review Questions 9-9 Customer Migration to MPLS VPN service 9-10 Objective 9-10 Generic Customer Migration Strategy 9-11 Migration From Layer-2 Overlay VPN 9-13 Migration from GRE Tunnel-Based VPN 9-16 Migration from IPSec-Based VPN 9-19 Migration from L2F-Based VPN 9-20 Migration From Unsupported PE-CE Routing Protocol 9-22 Summary 9-26 Review Questions 9-26 Chapter Summary 9-26 INTRODUCTION TO LABORATORY EXERCISES A-1 Overview A-1 Physical And Logical Connectivity A-2 IP Addressing Scheme A-5 Initial BGP Design A-7 Notes Pages A-8 LABORATORY EXERCISES—FRAME-MODE MPLS CONFIGURATION B-1 Overview B-1 Laboratory Exercise B-1: Basic MPLS Setup B-2 Objectives B-2 Command list B-2 Task 1: Configure MPLS in your backbone B-2 Task 2: Remove BGP from your P-routers B-2 Verification: B-3 Review Questions B-4 Laboratory Exercise B-2: Disabling TTL Propagation B-5 Objective B-5 Command list B-5 Task: Disable IP TTL Propagation B-5 Verification B-5 Laboratory Exercise B-3: Conditional Label Advertising B-6 Objective B-6 Command list B-6 Task: Configure Conditional Label Advertising B-6 Verification B-6 Review Questions B-7 x Advanced MPLS VPN Solutions Copyright  2000, Cisco Systems, Inc. LABORATORY EXERCISES—MPLS VPN IMPLEMENTATION C-1 Overview C-1 Laboratory Exercise C-1: Initial MPLS VPN Setup C-2 Objectives C-2 Background Information C-2 Command list C-3 Task 1: Configure multi-protocol BGP C-3 Task 2: Configure Virtual Routing and Forwarding Tables C-4 Additional Objective C-5 Task 3: Configuring Additional CE routers C-5 Verification C-6 Laboratory Exercise C-2: Running OSPF Between PE and CE Routers C-9 Objectives C-9 Visual Objective C-9 Command list C-10 Task 1: Configure OSPF on CE routers C-10 Task 2: Configure OSPF on PE routers C-10 Verification C-11 Task 3: Configure OSPF connectivity with additional CE routers C-11 Verification C-12 Laboratory Exercise C-3: Running BGP Between the PE and CE Routers C-13 Objectives C-13 Background Information C-13 Command list C-14 Task 1: Configure Additional PE-CE link C-14 Task 2: Configure BGP as the PE-CE routing protocol C-14 Verification C-15 Task 3: Select Primary and Backup Link with BGP C-16 Verification: C-16 Task 4: Convergence Time Optimization C-17 Verification C-17 LABORATORY EXERCISES—MPLS VPN TOPOLOGIES D-1 Overview D-1 Laboratory Exercise D-1: Overlapping VPN Topology D-2 Objective D-2 Visual Objective D-2 Command list D-3 Task 1: Design your VPN solution D-4 Task 2: Remove WGxA1/WGxB1 from existing VRFs D-4 Task 3: Configure new VRFs for WGxA1 and WGxB1 D-4 Verification: D-4 Laboratory Exercise D-2: Common Services VPN D-8 Objective D-8 Background Information D-9 Command list D-10 Task 1: Design your Network Management VPN D-10 Task 2: Create Network Management VRF D-10 Verification D-11 Task 3: Establish connectivity between NMS VRF and other VRFs D-11 Verification D-11 Task 4: Establish routing between WGxPE2 and the NMS router D-12 Copyright  2000, Cisco Systems, Inc. Advanced MPLS VPN Solutions xi Verification D-13 Laboratory Exercise D-3: Internet Connectivity Through Route Leaking D-14 Objective D-14 Visual Objective D-14 Command list D-15 Task 1: Cleanup from the previous VPN exercises D-15 Task 2: Configure route leaking between customer VPN and the Internet D-15 Verification D-16 Additional exercise: Fix intra-VPN routing D-17 Laboratory Exercise D-4: Separate Interface for Internet Connectivity D-18 Objective D-18 Visual Objective D-19 Command list D-20 Task 1: Cleanup from the previous exercise D-20 Verification D-21 Task 2: Establishing connectivity in the global routing table D-21 Task 3: Routing between the PE-router and the CE-router D-21 Verification D-22 Laboratory Exercise D-5: Internet in a VPN D-23 Objective D-23 Visual Objective D-23 Command list D-24 Task 1: Design your Internet VPN D-24 Task 2: Migrate Internet routers in a VPN D-24 Verification D-25 Additional Task: Direct Internet connectivity for all CE-routers D-26 Verification D-26 INITIAL LABORATORY CONFIGURATION E-1 Overview E-1 Laboratory Exercise E-1: Initial Core Router Configuration E-2 Objective E-2 Task: Configure Initial Router Configuration E-2 Verification E-3 Laboratory Exercise E-2: Initial Customer Router Configuration E-4 Objective E-4 Task: Configure Customer Routers E-4 Verification E-5 Laboratory Exercise E-3: Basic ISP Setup E-6 Objective E-6 Task 1: Configure IS-IS in your backbone E-6 Task 2: Configure BGP in your backbone E-6 Task 3: Configure Customer Routing E-6 Task 4: Peering with other Service Providers E-7 Task 5: Establishing Network Management Connectivity E-7 Verification E-7 INITIAL ROUTER CONFIGURATION F-1 Overview F-1 Router WGxPE1 F-2 Router WGxPE2 F-4 xii Advanced MPLS VPN Solutions Copyright  2000, Cisco Systems, Inc. Router WGxPE3 F-6 Router WGxPE4 F-8 Router WGxP F-10 Router WGxA1 F-12 Router WGxA2 F-14 Router WGxB1 F-15 Router WGxB2 F-17 5 MPLS VPN Topologies Overview This chapter describes the most commonly used MPLS VPN topologies and the design and implementation issues associated with them. It includes the following topics:
Simple VPN with optimal Intra-VPN routing
Using BGP as the PE-CE routing protocol
Overlapping Virtual Private Networks
Central Services VPN solutions
Hub-and-Spoke VPN solutions
Managed CE Router Service Objectives Upon completion of this chapter, you will be able to perform the following tasks:
Design and implement simple VPN solutions with optimal intra-VPN routing
Design and implement various routing protocols within VPNs
Design and implement central services VPN topologies
Design and implement hub-and-spoke VPN topologies
Design and implement VPN topology required for managed router services 5-2 Advanced MPLS VPN Solutions Copyright  2000, Cisco Systems, Inc. Simple VPN with Optimal Intra-VPN Routing Objectives Upon completion of this section, you will be able to perform the following tasks:
Describe the requirements of simple VPN solutions
Describe the routing model of these solutions
Describe the optimal intra-VPN routing data flow
Select the optimal PE-CE routing protocol based on user requirements
Integrate the selected PE-CE routing protocol with the MPLS VPN backbone MP-BGP routing Copyright  2000, Cisco Systems, Inc. MPLS VPN Topologies 5-3 © 2000, Cisco Systems, Inc. Chapter 1-5 MPLS backbone Simple VPN Requirements Summary • Any site router can talk to any other site • Optimum routing across P-network is desired P-network PE-1 PE-2 CE-Spoke CE-Spoke CE-Spoke CE-Spoke In contrast with other VPN technologies, MPLS VPN supports optimum any-toany connectivity between customer sites (equivalent to the full mesh of overlay VPN networks) without the end customer having to manually configure anything. The provider only needs to configure the VPN in the Provider Edge (PE) routers. The so-called “hub-and-spoke” topology, which was primarily used to reduce the cost of the network, is no longer needed. The interconnection of CE sites is done automatically by using BGP and an IGP to find the shortest path. 5-4 Advanced MPLS VPN Solutions Copyright  2000, Cisco Systems, Inc. © 2000, Cisco Systems, Inc. Chapter 1-6 Simple VPN Routing and Data Flow • Each site needs to reach every other site in the same VPN • Each VRF belonging to simple VPN contains all VPN routes • The sites use default route or have full routing knowledge of all other sites of same VPN • Data flow is optimal in the backbone • Routing between PE routers is done based on MP-BGP Next-Hop closest to the destination • No site is used as central point for connectivity MPLS VPN architecture by default provides optimal routing between CE sites. A CE site can have full internal routing for its VPN or just a default route pointing to the PE router. The PE routers, however, need to have full routing information for the MPLS VPN network in order to provide connectivity and optimal routing. A MP-BGP next-hop address is used to find a label for a VPN destination network and the backbone IGP provides the optimal routing towards the next-hop address. Copyright  2000, Cisco Systems, Inc. MPLS VPN Topologies 5-5 © 2000, Cisco Systems, Inc. Chapter 1-7 MPLS backbone Simple VPN - Routing Information Propagation P-network PE-1 PE-2 CE-Spoke CE-Spoke CE-Spoke CE-Spoke • CE routers announce the customer routes to the PE routes • Customer routes are redistributed into MP-BGP • VPNv4 routes are propagated across P-network with the BGP next-hop of the ingress PE router (PE-1) • VPNv4 routes are inserted into target VRF based on route-target and redistributed back into the customer routing protocol • Customer routes are propagated to other CE routers When a Customer Edge (CE) router announces a network through an IGP, the PE router will redistribute and export it into Multiprotocol BGP, converting an IPv4 address into a VPNv4 address. The following list contains the most significant changes that happen with redistribution and export:
IPv4 Network Layer Reachability Information (NLRI) is converted into VPNv4 NLRI by pre-pending a route distinguisher (for example, a route distinguisher 12:13 could be prepended to an IPv4 prefix 10.0.0.0/8 resulting in a VPNv4 prefix 12:13:10:10.0.0.0/8) Note NLRI is a BGP term for a prefix (address and subnet mask)
VPNv4 NLRI also contains a label that will be used to identify the outgoing interface or the VRF where a routing lookup should be performed
A route target extended community is added based on the VRF configuration The PE router will forward VPN