ISP DESIGN: CE DEVICE: VRF + TUNNEL + OSPF + ROUTE-MAPS + STATIC ROUTE


TOPICS

VRF CONFIGURATION

TUNNEL

OSPF CONFIGURATION, SPECIFIC FOR VRF

ROUTE MAPS & ACCESS LISTS

STATIC ROUTES

TASK


VRF CONFIGURATION

address-family ipv4 vrf abc_vrf
 neighbor offnet-peer peer-group
 neighbor offnet-peer default-originate
 neighbor offnet-peer soft-reconfiguration inbound
 neighbor offnet-peer route-map default-route-out out
 neighbor 192.168.64.14 remote-as 65188
 neighbor 192.168.64.14 peer-group offnet-peer
 neighbor 192.168.64.14 description Peer to TW-JIA
 neighbor 192.168.64.14 activate


002#sh ip vrf de
VRF abc_vrf; default RD 12641:1042637; default VPNID <not set>
Interfaces:
Lo3000                   Tu6400                   Gi0/0
VRF Table ID = 1
Export VPN route-target communities
RT:12641:1006911
Import VPN route-target communities
RT:12641:1006911
No import route-map
No export route-map
VRF label distribution protocol: not configured
VRF label allocation mode: per-prefix

 

TUNNEL

interface Tunnel6400
 description to offnet sites
 ip vrf forwarding abc_vrf
 ip address 192.168.64.254 255.255.255.0
 no ip redirects
 ip mtu 1400
 ip nhrp authentication nestle12
 ip nhrp map multicast dynamic
 ip nhrp network-id 16864
 ip nhrp holdtime 300
 no ip route-cache cef
 ip tcp adjust-mss 1360
 load-interval 30
 tunnel source GigabitEthernet0/1
 tunnel mode gre multipoint
 tunnel key 16864
 tunnel protection ipsec profile nestle6400

 

OSPF CONFIGURATION, SPECIFIC FOR VRF

002#sh run | sec ospf
 ip ospf message-digest-key 1 md5 7 094B42061B0028151C
 ip ospf hello-interval 2
router ospf 100 vrf abc_vrf
 router-id 141.122.172.135
 log-adjacency-changes
 no capability lls
 area 0.0.0.0 authentication message-digest
 redistribute connected subnets route-map customer_internal
 redistribute static subnets route-map pglae_temp_ip
 redistribute bgp 64891 subnets route-map customer_internal
 network 141.122.172.128 0.0.0.15 area 0.0.0.0
 default-metric 800

 

ROUTE-MAPS & ACCESS-LISTS

route-map customer_internal permit 10
 match ip address customer_internal
route-map customer_internal permit 20
 match ip address cnwuw_ip
 set tag 800
route-map customer_internal permit 40
 match ip address cnshw_ip
 set tag 800

route-map pglae_temp_ip permit 10
 match ip address pglae_ip
 set tag 800


Standard IP access list customer_internal
10 permit 204.79.39.158 (118 matches)


Standard IP access list cnwuw_ip
20 permit 10.79.136.96, wildcard bits 0.0.0.31


Standard IP access list cnshw_ip
20 permit 10.79.136.32, wildcard bits 0.0.0.31


ip access-list standard pglae_ip
permit 204.79.35.215
permit 10.73.252.0 0.0.1.255
permit 10.73.254.0 0.0.0.255
permit 10.73.255.0 0.0.0.255
permit 159.12.141.32 0.0.0.31
permit 159.12.141.64 0.0.0.31
permit 159.12.141.20 0.0.0.3

 

STATIC ROUTES

ip route vrf abc_vrf 10.73.252.0 255.255.254.0 Tunnel6400 192.168.64.47
ip route vrf abc_vrf 10.73.254.0 255.255.255.0 Tunnel6400 192.168.64.47
ip route vrf abc_vrf 10.73.255.0 255.255.255.0 Tunnel6400 192.168.64.47
ip route vrf abc_vrf 159.12.141.32 255.255.255.224 Tunnel6400 192.168.64.47
ip route vrf abc_vrf 159.12.141.64 255.255.255.224 Tunnel6400 192.168.64.47
ip route vrf abc_vrf 159.12.142.128 255.255.255.224 Tunnel6400 192.168.64.47
ip route vrf abc_vrf 159.12.142.160 255.255.255.224 Tunnel6400 192.168.64.47
ip route vrf abc_vrf 204.79.35.215 255.255.255.255 Tunnel6400 192.168.64.47

 

TASK

The best way to learn is to understand the topology or, simply, what is going on.

A running network is always a blend of technologies, each used where it works best, so that the whole operates efficiently.

So if we can correlate the technologies, concepts and configuration, we can understand how the network is running.

If we understand the network, we can troubleshoot issues based on our expertise.

Try to understand the configuration and prepare a logical diagram to understand the network completely.
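One way to start correlating the pieces, as an added example that is not part of the original configuration or post: the script below checks each static route against the pglae_ip access list that route-map pglae_temp_ip applies to "redistribute static", to show which statics actually reach OSPF. It relies on a standard ACL in a route-map being compared against the route's network address only; the function names are illustrative.

```python
import ipaddress

# Copied from the page: the pglae_ip entries, then destination + mask of each static route.
PGLAE_IP = """\
permit 204.79.35.215
permit 10.73.252.0 0.0.1.255
permit 10.73.254.0 0.0.0.255
permit 10.73.255.0 0.0.0.255
permit 159.12.141.32 0.0.0.31
permit 159.12.141.64 0.0.0.31
permit 159.12.141.20 0.0.0.3
"""
STATIC_ROUTES = """\
10.73.252.0 255.255.254.0
10.73.254.0 255.255.255.0
10.73.255.0 255.255.255.0
159.12.141.32 255.255.255.224
159.12.141.64 255.255.255.224
159.12.142.128 255.255.255.224
159.12.142.160 255.255.255.224
204.79.35.215 255.255.255.255
"""

def parse_acl(text):
    """Return (action, address, wildcard) tuples with addresses as integers."""
    entries = []
    for line in text.splitlines():
        action, addr, *rest = line.split()
        wildcard = rest[0] if rest else "0.0.0.0"  # no wildcard means a host entry
        entries.append((action, int(ipaddress.IPv4Address(addr)),
                        int(ipaddress.IPv4Address(wildcard))))
    return entries

def acl_permits(entries, network):
    """First-match evaluation; falling off the end is the implicit deny."""
    n = int(ipaddress.IPv4Address(network))
    for action, addr, wildcard in entries:
        if (n ^ addr) & ~wildcard == 0:  # bits set in the wildcard are ignored
            return action == "permit"
    return False

def redistributed(acl_text, routes_text):
    """Map each static prefix to True if route-map pglae_temp_ip permits it."""
    acl = parse_acl(acl_text)
    routes = [line.split() for line in routes_text.splitlines()]
    return {str(ipaddress.IPv4Network(f"{d}/{m}")): acl_permits(acl, d) for d, m in routes}

if __name__ == "__main__":
    for prefix, ok in redistributed(PGLAE_IP, STATIC_ROUTES).items():
        print(f"{prefix:20} {'redistributed, tag 800' if ok else 'NOT redistributed'}")
```

On the configuration as posted, 159.12.142.128/27 and 159.12.142.160/27 are not permitted by pglae_ip, so they stay in the VRF routing table without being redistributed into OSPF. Since the post states the live configuration was modified, the mismatch may come from that editing.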

 

DISCLAIMER

The live configuration has been modified for security reasons.
