Cisco | MPLS - L2VPN/VPLS - Enterprise Network
Welcome back to the blog. I am finally writing again (this post kept getting postponed) because lately I have been rather busy with work and with helping out on friends' projects (helper 😏). This post covers one of the network topologies I handled at a previous workplace (no need to mention the name). The topology above is the core-network/backbone router topology that connects the branch networks within one city (enterprise network). All offices are connected through the core network routers. The routers are ASR-type devices. The network uses the MPLS L2VPN service with VPLS.
Virtual Private LAN Service (VPLS) is a multipoint Layer 2 VPN that provides TLS (Transparent LAN Service) capability across an IP or MPLS network, so that all clients using VPLS appear to be on the same LAN (Local Area Network).
The following is the IP address configuration on each device.
Network device components in this lab
Backbone Network (Router ASR 903, 920)
Core Switch (Cat4500)
Distribution Switch (Cat35xx)
Access Switch (Cat29xx, Cisco SGxx)
Protocol
IGP = OSPF
EGP = iBGP
host ASR-NOC-903
int l0
ip add 10.28.100.11 255.255.255.255
exi
int bdi80
ip add 10.28.212.46 255.255.255.0
no shu
int gi3
ip add 10.28.100.33 255.255.255.252
no sh
exi
int gi5
ip add 10.28.100.45 255.255.255.252
shutdow
exi
int gi1
ip add 10.28.100.41 255.255.255.252
no sh
exi
int gi2
ip add 10.28.100.66 255.255.255.252
no shut
desc ##LINK TO SHP##
exi
int gi6
ip add 10.28.100.69 255.255.255.252
no shu
exi
int bdi80
ip add 10.28.212.46 255.255.255.0
no shu
exi
do wr
------------
host ASR-NGY-920
int l0
ip add 10.28.100.17 255.255.255.255
exi
int bdi80
ip add 10.28.212.52 255.255.255.0
no shu
int gi2
ip add 10.28.100.70 255.255.255.252
no shut
desc ##Backup Link to NOC##
exi
int gi1
ip add 10.28.100.34 255.255.255.252
no sh
exi
do wr
-------------
host ASR-BTC-920
int l0
ip add 10.28.100.12 255.255.255.255
exi
int bdi80
ip add 10.28.212.47 255.255.255.0
no shu
exi
int gi2
ip add 10.28.100.42 255.255.255.252
no sh
exi
int gi1
ip add 10.28.100.49 255.255.255.252
no sh
exi
do wr
--------------
host ASR-BB-902
int l0
ip add 10.28.100.13 255.255.255.255
exi
int bdi80
ip add 10.28.212.48 255.255.255.0
no shu
exi
int gi1
ip add 10.28.100.50 255.255.255.252
no sh
exi
int gi2
ip add 10.28.100.53 255.255.255.252
no sh
exi
int gi3
ip add 10.28.100.46 255.255.255.252
shut
exi
do wr
----------------------
host ASR-MKG-902
int l0
ip add 10.28.100.14 255.255.255.255
exi
int bdi80
ip add 10.28.212.49 255.255.255.0
no shu
exi
int gi1
ip add 10.28.100.54 255.255.255.252
no sh
exi
int gi2
ip add 10.28.100.57 255.255.255.252
no sh
exi
int gi3
ip add 10.28.100.74 255.255.255.252
shut
descr #Link back to SGL##
exi
do wr
----------------------
host ASR-SGL-902
int l0
ip add 10.28.100.15 255.255.255.255
exi
int bdi80
ip add 10.28.212.50 255.255.255.0
no shu
exi
int gi1
ip add 10.28.100.58 255.255.255.252
no sh
exi
int gi2
ip add 10.28.100.61 255.255.255.252
no sh
exi
int gi3
ip add 10.28.100.73 255.255.255.252
no shut
descr #Link back to MKG ##
exi
do wr
----------------
host ASR-SHP-902
int l0
ip add 10.28.100.16 255.255.255.255
exi
int bdi80
ip add 10.28.212.51 255.255.255.0
no shu
exi
int gi1
ip add 10.28.100.62 255.255.255.252
no sh
exi
int gi2
ip add 10.28.100.65 255.255.255.252
no sh
exi
do wr
===========================
STAGE 2: IGP ROUTING (OSPF)
ROUTER ASR-NOC-903
router ospf 1
network 10.28.100.11 0.0.0.0 area 0
network 10.28.100.33 0.0.0.0 area 0
network 10.28.100.41 0.0.0.0 area 0
network 10.28.100.45 0.0.0.0 area 0
network 10.28.100.66 0.0.0.0 area 0
network 10.28.100.69 0.0.0.0 area 0
mpls ldp autoconfig
exit
!
ROUTER ASR-NGY-920
router ospf 1
network 10.28.100.17 0.0.0.0 area 0
network 10.28.100.34 0.0.0.0 area 0
network 10.28.100.70 0.0.0.0 area 0
mpls ldp autoconfig
exit
!
ROUTER ASR-BTC-920
router ospf 1
network 10.28.100.12 0.0.0.0 area 0
network 10.28.100.42 0.0.0.0 area 0
network 10.28.100.49 0.0.0.0 area 0
mpls ldp autoconfig
exit
!
ROUTER ASR-BB-920
router ospf 1
network 10.28.100.13 0.0.0.0 area 0
network 10.28.100.46 0.0.0.0 area 0
network 10.28.100.50 0.0.0.0 area 0
network 10.28.100.53 0.0.0.0 area 0
mpls ldp autoconfig
exit
!
ROUTER ASR-MKG-920
router ospf 1
network 10.28.100.14 0.0.0.0 area 0
network 10.28.100.54 0.0.0.0 area 0
network 10.28.100.57 0.0.0.0 area 0
network 10.28.100.74 0.0.0.0 area 0
mpls ldp autoconfig
exit
!
ROUTER ASR-SGL-920
router ospf 1
network 10.28.100.15 0.0.0.0 area 0
network 10.28.100.58 0.0.0.0 area 0
network 10.28.100.61 0.0.0.0 area 0
network 10.28.100.73 0.0.0.0 area 0
mpls ldp autoconfig
exit
!
ROUTER ASR-SHP-920
router ospf 1
network 10.28.100.16 0.0.0.0 area 0
network 10.28.100.62 0.0.0.0 area 0
network 10.28.100.65 0.0.0.0 area 0
mpls ldp autoconfig
exit
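An added example, not part of the original post: a small offline check of the addressing plan before it is pasted into a router, flagging interface addresses that are the network or broadcast address of their subnet and OSPF network statements that match no configured interface address. The sample input is constructed in the style of the listings above, and the function name is hypothetical.

```python
import ipaddress
import re

# Constructed sample in the style of the listings above; the .55 interface
# address and the .54 OSPF statement are a deliberate mismatch to be found.
ADDR_SAMPLE = """\
int l0
ip add 10.28.100.14 255.255.255.255
int gi1
ip add 10.28.100.55 255.255.255.252
int gi2
ip add 10.28.100.57 255.255.255.252
router ospf 1
network 10.28.100.14 0.0.0.0 area 0
network 10.28.100.54 0.0.0.0 area 0
network 10.28.100.57 0.0.0.0 area 0
"""

def audit_addressing(config):
    """Return findings for unusable interface IPs and unmatched OSPF networks."""
    findings, addrs, ospf, intf = [], {}, [], None
    for line in (l.strip() for l in config.splitlines()):
        if m := re.match(r"int\w*\s+(\S+)", line):
            intf = m.group(1)
        elif m := re.match(r"ip add\w*\s+(\S+)\s+(\S+)$", line):
            iface = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
            addrs[iface.ip] = intf
            net = iface.network
            # Below /31 the first and last addresses of a subnet are reserved.
            if net.prefixlen < 31 and iface.ip in (net.network_address, net.broadcast_address):
                findings.append(f"{intf}: {iface.ip} is not a usable host in {net}")
        elif m := re.match(r"network\s+(\S+)\s+0\.0\.0\.0\s+area", line):
            # Only host-wildcard (0.0.0.0) statements, as used on this page.
            ospf.append(ipaddress.ip_address(m.group(1)))
    for ip in ospf:
        if ip not in addrs:
            findings.append(f"ospf: network {ip} matches no interface address")
    return findings
```

An OSPF statement that matches no interface leaves that link out of the IGP, so LDP and the iBGP loopback sessions that depend on it never come up over it.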
===============================================
STAGE 3: iBGP (advertises the loopback IPs)
ASR-NOC903
router bgp 65010
bgp router-id 10.28.100.11
bgp log-neighbor-changes
no bgp default route-target filter
neighbor iBGP peer-group
neighbor iBGP remote-as 65010
neighbor iBGP update-source Loopback0
neighbor 10.28.100.12 peer-group iBGP
neighbor 10.28.100.13 peer-group iBGP
neighbor 10.28.100.14 peer-group iBGP
neighbor 10.28.100.15 peer-group iBGP
neighbor 10.28.100.16 peer-group iBGP
neighbor 10.28.100.17 peer-group iBGP
!
address-family ipv4
neighbor iBGP route-reflector-client
neighbor 10.28.100.12 activate
neighbor 10.28.100.13 activate
neighbor 10.28.100.14 activate
neighbor 10.28.100.15 activate
neighbor 10.28.100.16 activate
neighbor 10.28.100.17 activate
exit-address-family
!
address-family l2vpn vpls
neighbor iBGP send-community extended
neighbor iBGP route-reflector-client
neighbor iBGP suppress-signaling-protocol ldp
neighbor 10.28.100.12 activate
neighbor 10.28.100.13 activate
neighbor 10.28.100.14 activate
neighbor 10.28.100.15 activate
neighbor 10.28.100.16 activate
neighbor 10.28.100.17 activate
exit-address-family
exit
!
ip default-gateway 10.28.212.7
-----------------
ASR-NGY
router bgp 65010
bgp router-id 10.28.100.17
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 10.28.100.11 remote-as 65010
neighbor 10.28.100.11 update-source Loopback0
!
address-family ipv4
neighbor 10.28.100.11 activate
exit-address-family
!
address-family l2vpn vpls
neighbor 10.28.100.11 activate
neighbor 10.28.100.11 send-community extended
neighbor 10.28.100.11 suppress-signaling-protocol ldp
exit-address-family
exit
!
ip default-gateway 10.28.212.7
-----------------------
ASR-BTC
router bgp 65010
bgp router-id 10.28.100.12
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 10.28.100.11 remote-as 65010
neighbor 10.28.100.11 update-source Loopback0
address-family ipv4
neighbor 10.28.100.11 activate
exit-address-family
address-family l2vpn vpls
neighbor 10.28.100.11 activate
neighbor 10.28.100.11 send-community extended
neighbor 10.28.100.11 suppress-signaling-protocol ldp
exit-address-family
exit
ip default-gateway 10.28.212.7
-----------------------------------------------
ASR-BB
router bgp 65010
bgp router-id 10.28.100.13
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 10.28.100.11 remote-as 65010
neighbor 10.28.100.11 update-source Loopback0
address-family ipv4
neighbor 10.28.100.11 activate
exit-address-family
address-family l2vpn vpls
neighbor 10.28.100.11 activate
neighbor 10.28.100.11 send-community extended
neighbor 10.28.100.11 suppress-signaling-protocol ldp
exit-address-family
exit
ip default-gateway 10.28.212.7
------------------------
ASR-MKG
router bgp 65010
bgp router-id 10.28.100.14
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 10.28.100.11 remote-as 65010
neighbor 10.28.100.11 update-source Loopback0
address-family ipv4
neighbor 10.28.100.11 activate
exit-address-family
address-family l2vpn vpls
neighbor 10.28.100.11 activate
neighbor 10.28.100.11 send-community extended
neighbor 10.28.100.11 suppress-signaling-protocol ldp
exit-address-family
exit
ip default-gateway 10.28.212.7
----------------------
ASR-SHP
router bgp 65010
bgp router-id 10.28.100.16
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 10.28.100.11 remote-as 65010
neighbor 10.28.100.11 update-source Loopback0
address-family ipv4
neighbor 10.28.100.11 activate
exit-address-family
address-family l2vpn vpls
neighbor 10.28.100.11 activate
neighbor 10.28.100.11 send-community extended
neighbor 10.28.100.11 suppress-signaling-protocol ldp
exit-address-family
exit
ip default-gateway 10.28.212.7
--------------
ASR-SGL
router bgp 65010
bgp router-id 10.28.100.15
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 10.28.100.11 remote-as 65010
neighbor 10.28.100.11 update-source Loopback0
address-family ipv4
neighbor 10.28.100.11 activate
exit-address-family
address-family l2vpn vpls
neighbor 10.28.100.11 activate
neighbor 10.28.100.11 send-community extended
neighbor 10.28.100.11 suppress-signaling-protocol ldp
exit-address-family
exit
ip default-gateway 10.28.212.7
=========================================
STAGE 4: VPLS CONFIG
ASR-NOC903
int gi4
description *LINK TO SW2*
no ip address
no shutdown
service instance 13 ethernet
encapsulation dot1q 13
rewrite ingress tag pop 1 symmetric
exi
service instance 42 ethernet
encapsulation dot1q 42
rewrite ingress tag pop 1 symmetric
exi
service instance 43 ethernet
encapsulation dot1q 43
rewrite ingress tag pop 1 symmetric
exi
service instance 80 ethernet
encapsulation dot1q 80
rewrite ingress tag pop 1 symmetric
exi
service instance 11 ethernet
encapsulation dot1q 11
rewrite ingress tag pop 1 symmetric
exi
service instance 12 ethernet
encapsulation dot1q 12
rewrite ingress tag pop 1 symmetric
exi
exi
----------------
mpls label protocol ldp
multilink bundle-name authenticated
l2vpn vfi context VLAN13
vpn id 13
autodiscovery bgp signaling bgp
ve id 11
exi
exi
l2vpn vfi context VLAN42
vpn id 42
autodiscovery bgp signaling bgp
ve id 11
exi
exi
l2vpn vfi context VLAN43
vpn id 43
autodiscovery bgp signaling bgp
ve id 11
exi
exi
l2vpn vfi context VLAN80
vpn id 80
autodiscovery bgp signaling bgp
ve id 11
exi
exi
l2vpn vfi context VLAN11
vpn id 11
autodiscovery bgp signaling bgp
ve id 11
exi
exi
l2vpn vfi context VLAN12
vpn id 12
autodiscovery bgp signaling bgp
ve id 11
exi
exi
--------------
Next, configure the bridge-domains
bridge-domain 43
member gi4 service-instance 43
member vfi VLAN43
exit
bridge-domain 42
member gi4 service-instance 42
member vfi VLAN42
exit
bridge-domain 80
member gi4 service-instance 80
member vfi VLAN80
exit
bridge-domain 11
member gi4 service-instance 11
member vfi VLAN11
exit
bridge-domain 12
member gi4 service-instance 12
member vfi VLAN12
exit
bridge-domain 13
member gi4 service-instance 13
member vfi VLAN13
exit
do wr
ASR-NGY (VPLS CONFIG)
int gi3
description *LINK TO SW-NGY*
no ip address
no shutdown
service instance 13 ethernet
encapsulation dot1q 13
rewrite ingress tag pop 1 symmetric
exi
service instance 42 ethernet
encapsulation dot1q 42
rewrite ingress tag pop 1 symmetric
exi
service instance 43 ethernet
encapsulation dot1q 43
rewrite ingress tag pop 1 symmetric
exi
service instance 80 ethernet
encapsulation dot1q 80
rewrite ingress tag pop 1 symmetric
exi
service instance 11 ethernet
encapsulation dot1q 11
rewrite ingress tag pop 1 symmetric
exi
service instance 12 ethernet
encapsulation dot1q 12
rewrite ingress tag pop 1 symmetric
exi
exi
----------------
mpls label protocol ldp
multilink bundle-name authenticated
l2vpn vfi context VLAN13
vpn id 13
autodiscovery bgp signaling bgp
ve id 17
exi
exi
l2vpn vfi context VLAN42
vpn id 42
autodiscovery bgp signaling bgp
ve id 17
exi
exi
l2vpn vfi context VLAN43
vpn id 43
autodiscovery bgp signaling bgp
ve id 17
exi
exi
l2vpn vfi context VLAN80
vpn id 80
autodiscovery bgp signaling bgp
ve id 17
exi
exi
l2vpn vfi context VLAN11
vpn id 11
autodiscovery bgp signaling bgp
ve id 17
exi
exi
l2vpn vfi context VLAN12
vpn id 12
autodiscovery bgp signaling bgp
ve id 17
exi
exi
--------------
bridge-domain 43
member gi3 service-instance 43
member vfi VLAN43
exit
bridge-domain 42
member gi3 service-instance 42
member vfi VLAN42
exit
bridge-domain 80
member gi3 service-instance 80
member vfi VLAN80
exit
bridge-domain 11
member gi3 service-instance 11
member vfi VLAN11
exit
bridge-domain 12
member gi3 service-instance 12
member vfi VLAN12
exit
bridge-domain 13
member gi3 service-instance 13
member vfi VLAN13
exit
do wr
--------------------
ASR-SHP
int gi3
description *LINK TO SW-SHP*
no ip address
no shutdown
service instance 13 ethernet
encapsulation dot1q 13
rewrite ingress tag pop 1 symmetric
exi
service instance 42 ethernet
encapsulation dot1q 42
rewrite ingress tag pop 1 symmetric
exi
service instance 43 ethernet
encapsulation dot1q 43
rewrite ingress tag pop 1 symmetric
exi
service instance 80 ethernet
encapsulation dot1q 80
rewrite ingress tag pop 1 symmetric
exi
service instance 11 ethernet
encapsulation dot1q 11
rewrite ingress tag pop 1 symmetric
exi
service instance 12 ethernet
encapsulation dot1q 12
rewrite ingress tag pop 1 symmetric
exi
exi
----------------
mpls label protocol ldp
multilink bundle-name authenticated
l2vpn vfi context VLAN13
vpn id 13
autodiscovery bgp signaling bgp
ve id 16
exi
exi
l2vpn vfi context VLAN42
vpn id 42
autodiscovery bgp signaling bgp
ve id 16
exi
exi
l2vpn vfi context VLAN43
vpn id 43
autodiscovery bgp signaling bgp
ve id 16
exi
exi
l2vpn vfi context VLAN80
vpn id 80
autodiscovery bgp signaling bgp
ve id 16
exi
exi
l2vpn vfi context VLAN11
vpn id 11
autodiscovery bgp signaling bgp
ve id 16
exi
exi
l2vpn vfi context VLAN12
vpn id 12
autodiscovery bgp signaling bgp
ve id 16
exi
exi
--------------
bridge-domain 43
member gi3 service-instance 43
member vfi VLAN43
exit
bridge-domain 42
member gi3 service-instance 42
member vfi VLAN42
exit
bridge-domain 80
member gi3 service-instance 80
member vfi VLAN80
exit
bridge-domain 11
member gi3 service-instance 11
member vfi VLAN11
exit
bridge-domain 12
member gi3 service-instance 12
member vfi VLAN12
exit
bridge-domain 13
member gi3 service-instance 13
member vfi VLAN13
exit
do wr
============================
ASR-SGL
int gi4
description *LINK TO SW-sgl*
no ip address
no shutdown
service instance 13 ethernet
encapsulation dot1q 13
rewrite ingress tag pop 1 symmetric
exi
service instance 42 ethernet
encapsulation dot1q 42
rewrite ingress tag pop 1 symmetric
exi
service instance 43 ethernet
encapsulation dot1q 43
rewrite ingress tag pop 1 symmetric
exi
service instance 80 ethernet
encapsulation dot1q 80
rewrite ingress tag pop 1 symmetric
exi
service instance 11 ethernet
encapsulation dot1q 11
rewrite ingress tag pop 1 symmetric
exi
service instance 12 ethernet
encapsulation dot1q 12
rewrite ingress tag pop 1 symmetric
exi
exi
----------------
mpls label protocol ldp
multilink bundle-name authenticated
l2vpn vfi context VLAN13
vpn id 13
autodiscovery bgp signaling bgp
ve id 15
exi
exi
l2vpn vfi context VLAN42
vpn id 42
autodiscovery bgp signaling bgp
ve id 15
exi
exi
l2vpn vfi context VLAN43
vpn id 43
autodiscovery bgp signaling bgp
ve id 15
exi
exi
l2vpn vfi context VLAN80
vpn id 80
autodiscovery bgp signaling bgp
ve id 15
exi
exi
l2vpn vfi context VLAN11
vpn id 11
autodiscovery bgp signaling bgp
ve id 15
exi
exi
l2vpn vfi context VLAN12
vpn id 12
autodiscovery bgp signaling bgp
ve id 15
exi
exi
--------------
bridge-domain 43
member gi4 service-instance 43
member vfi VLAN43
exit
bridge-domain 42
member gi4 service-instance 42
member vfi VLAN42
exit
bridge-domain 80
member gi4 service-instance 80
member vfi VLAN80
exit
bridge-domain 11
member gi4 service-instance 11
member vfi VLAN11
exit
bridge-domain 12
member gi4 service-instance 12
member vfi VLAN12
exit
bridge-domain 13
member gi4 service-instance 13
member vfi VLAN13
exit
do wr
==========
VERIFICATION
sh mpls ldp ne
sh mpls l2transport summary
show bridge-domain 43
show bridge-domain 11
show mpls ip binding all
show l2vpn vfi name VLAN11
show l2vpn signaling rib detail
show l2vpn service all
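An added example, not part of the original post: a static cross-check to run on a VPLS config before the show commands above, confirming that every bridge-domain member points at a service instance and VFI that are actually defined, and that nothing defined is left unattached. The excerpt is constructed in the style of the stage 4 listings, the function name is hypothetical, and interface names are compared exactly as written.

```python
import re

# Constructed excerpt in the style of the VPLS listings above; bridge-domain 43
# deliberately points at a service instance that the interface never defines.
VPLS_SAMPLE = """\
int gi4
service instance 13 ethernet
service instance 42 ethernet
l2vpn vfi context VLAN13
vpn id 13
l2vpn vfi context VLAN42
vpn id 42
l2vpn vfi context VLAN43
vpn id 43
bridge-domain 43
member gi4 service-instance 43
member vfi VLAN43
bridge-domain 42
member gi4 service-instance 42
member vfi VLAN42
"""

def audit_vpls(config):
    """Cross-check bridge-domain members against defined service instances and VFIs."""
    efps, vfis, used_efps, used_vfis, findings = set(), set(), set(), set(), []
    intf = bd = None
    for line in (l.strip() for l in config.splitlines()):
        if m := re.match(r"int\w*\s+(\S+)", line):
            intf = m.group(1)
        elif m := re.match(r"service instance (\d+) ethernet", line):
            efps.add((intf, m.group(1)))
        elif m := re.match(r"l2vpn vfi context (\S+)", line):
            vfis.add(m.group(1))
        elif m := re.match(r"bridge-domain (\d+)", line):
            bd = m.group(1)
        elif m := re.match(r"member (\S+) service-instance (\d+)", line):
            used_efps.add((bd, m.group(1), m.group(2)))
        elif m := re.match(r"member vfi (\S+)", line):
            used_vfis.add((bd, m.group(1)))
    for b, i, n in sorted(used_efps):
        if (i, n) not in efps:
            findings.append(f"bridge-domain {b}: service instance {n} not defined on {i}")
    for b, v in sorted(used_vfis):
        if v not in vfis:
            findings.append(f"bridge-domain {b}: vfi {v} not defined")
    # Defined but never attached: traffic for that VLAN is silently not bridged.
    findings += [f"vfi {v}: not attached to any bridge-domain"
                 for v in sorted(vfis - {x for _, x in used_vfis})]
    findings += [f"{i} service instance {n}: not in any bridge-domain"
                 for i, n in sorted(efps - {(x, y) for _, x, y in used_efps})]
    return findings
```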
=========================
SWITCH CONFIG
conf t
hostname CS2
vlan 43
nam V43
exi
vlan 42
nam V42
exi
vlan 80
nam V80
exi
vlan 11
nam V11
exi
vlan 12
nam V12
exi
int vlan 43
no shu
ip add 10.28.43.254 255.255.255.0
exi
int vlan 42
no shu
ip add 10.28.42.254 255.255.255.0
exi
int vlan 80
no shu
ip add 10.28.212.254 255.255.255.0
exi
int vlan 11
no shu
ip add 10.28.1.254 255.255.255.0
exi
int vlan 12
no shu
ip add 10.28.2.254 255.255.255.0
exi
int gi0/0
no shu
no ip add
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
exi
int gi0/1
switchport mode acc
switchport access vlan 42
exi
int gi0/2
switchport mode acc
switchport access vlan 43
exi