Option 4: Non-VPN Transit Provider

Option 4 Non VPN Transit Provider

In this approach, multiple VPN providers use another MPLS-enabled service provider as a transit backbone to exchange MPLS VPN routes. Figure 7-31 shows a multiprovider MPLS VPN network using AS100 as a transit provider to transport VPN routes.

Figure 7-31. Inter-AS Using a Non-VPN Transit Provider

In this option, a multi-hop MP-eBGP session is formed between the two RRs belonging to the two different providers. To implement this option, BGP next hops need to be propagated and an end-to-end LSP path needs to be maintained.

P1-AS1-RR and P1-AS2-RR are RRs that are local in each of the provider's network. An MP-eBGP session is formed between the RRs to transport VPNv4 information across the multiprovider network. An eBGP session is formed between the ASBR1-AS1 and ASBR1-AS100. Another eBGP session is formed between ASBRs in AS2 and AS100.

Control Plane Forwarding in Option 4

Figure 7-32 shows the control plane forwarding action that takes place for prefix 172.16.10.0/24 advertised by CE1-A to CE2-A that belongs to the same VPN, CUST_A.

Figure 7-32. Control Plane Operation in a Non-VPN Transit Provider Network

 

Data Forwarding in Option 4

The source and destination networks are located on two different MPLS VPN provider networks. The data forwarding path originates from the source address of the flow, which is 172.16.20.1 destined to 172.16.10.1. Figure 7-33 traces the path of the data packet from the source to the destination.

Figure 7-33. Data Forwarding in Option 4

 

Configuration Flowchart in Option 4

Figure 7-34 shows the configuration steps that are involved in accomplishing a functional Inter-AS network using option 4.

Figure 7-34. MPLS VPN Network Using Option 4

 

Configuration and Verification of Option 4

Figure 7-31 illustrated a multiprovider MPLS VPN network in which sites in VPN-A are geographically dispersed. Site 1 in VPN-A is connected to PE1-AS1 in AS1, and Site 2 in VPN-A is connected to PE1-AS2 in AS2. EBGP peering is configured between ASBRs:

  • ASBR1-AS1 and ASBR1-AS100
  • ASBR1-AS2 and ASBR2-AS100

The steps to configure are

Step 1.

Configure transit VPN network, AS100 – Configure the ASBR Routers ASBR1-AS100 and ASBR2-AS100 for IGP, as shown in Example 7-23. In this case, OSPF is used. Configure iBGP peering between the two ASBRs for eBGP. Use neighbor send-label to enable exchange of IPv4 label exchange between the two peers.
 

Example 7-23. Configure Transit VPN Network, AS100

ASBR1-AS100(config)#interface Loopback0

ASBR1-AS100(config-if)# ip address 172.16.100.101 255.255.255.255

ASBR1-AS100(config-if)#interface Serial0/0

ASBR1-AS100(config-if)# ip address 172.16.100.1 255.255.255.252

ASBR1-AS100(config-if)# mpls ip

ASBR1-AS100(config-if)#interface Serial1/0

ASBR1-AS100(config-if)# ip address 172.16.3.2 255.255.255.252

ASBR1-AS100(config-if)#router ospf 100

ASBR1-AS100(config-router)# network 172.16.100.0 0.0.0.255 area 0

ASBR1-AS100(config-router)#router bgp 100

ASBR1-AS100(config-router)# network 172.16.100.101 mask 255.255.255.255

ASBR1-AS100(config-router)# neighbor 172.16.3.1 remote-as 1

ASBR1-AS100(config-router)# neighbor 172.16.3.1 send-label

ASBR1-AS100(config-router)# neighbor 172.16.100.102 remote-as 100

ASBR1-AS100(config-router)# neighbor 172.16.100.102 update-source Loopback0

ASBR1-AS100(config-router)# neighbor 172.16.100.102 next-hop-self

ASBR1-AS100(config-router)# neighbor 172.16.100.102 send-label

___________________________________________________________________________

ASBR2-AS100(config)#interface Loopback0

ASBR2-AS100(config-if)# ip address 172.16.100.102 255.255.255.255

ASBR2-AS100(config-if)#interface Serial0/0

ASBR2-AS100(config-if)# ip address 172.16.100.2 255.255.255.252

ASBR2-AS100(config-if)# mpls ip

ASBR2-AS100(config-if)#interface Serial1/0

ASBR2-AS100(config-if)# ip address 172.16.4.2 255.255.255.252

ASBR2-AS100(config-if)#router ospf 100

ASBR2-AS100(config-router)# network 172.16.100.0 0.0.0.255 area 0

ASBR2-AS100(config-router)#router bgp 100

ASBR2-AS100(config-router)# network 172.16.100.102 mask 255.255.255.255

ASBR2-AS100(config-router)# neighbor 172.16.4.1 remote-as 2

ASBR2-AS100(config-router)# neighbor 172.16.4.1 send-label

ASBR2-AS100(config-router)# neighbor 172.16.100.101 remote-as 100

ASBR2-AS100(config-router)# neighbor 172.16.100.101 update-source Loopback0

ASBR2-AS100(config-router)# neighbor 172.16.100.101 next-hop-self

ASBR2-AS100(config-router)# neighbor 172.16.100.101 send-label
 

Step 2.

Configure ASBR routers in AS1 and AS2 – In this step, the ASBR routers are configured to perform eBGP peering with transit VPN providers ASBR routers, ASBR1-AS100 and ASBR2-AS100. The loopbacks on PE and RR routers are advertised in BGP on the ASBR routers, and the BGP routes are redistributed in OSPF to ensure reachability. Example 7-24 demonstrates the step. Note that mpls bgp forwarding is added by default when MP-eBGP is established between ASBR1-AS1 and ASBR1-AS100. You will see this command under the serial interface in the final configurations.
 

Example 7-24. Configure ASBR Routers in AS1 and AS2

ASBR1-AS1(config)#interface Loopback0

ASBR1-AS1(config-if)# ip address 10.10.10.102 255.255.255.255

ASBR1-AS1(config-if)# exit

ASBR1-AS1(config)#mpls ldp router-id Loopback0

ASBR1-AS1(config)#interface Serial0/0

ASBR1-AS1(config-if)# ip address 10.10.10.5 255.255.255.252

ASBR1-AS1(config-if)# mpls ip

ASBR1-AS1(config-if)#interface Serial1/0

ASBR1-AS1(config-if)# ip address 172.16.3.1 255.255.255.252

ASBR1-AS1(config-if)# mpls bgp forwarding

ASBR1-AS1(config-if)#router ospf 1

ASBR1-AS1(config-router)# router-id 10.10.10.102

ASBR1-AS1(config-router)# network 10.0.0.0 0.255.255.255 area 0

ASBR1-AS1(config-router)#router bgp 1

ASBR1-AS1(config-router)# network 10.10.10.101 mask 255.255.255.255

ASBR1-AS1(config-router)# network 10.10.10.200 mask 255.255.255.255

ASBR1-AS1(config-router)# neighbor 10.10.10.200 remote-as 1

ASBR1-AS1(config-router)# neighbor 10.10.10.200 update-source Loopback0

ASBR1-AS1(config-router)# neighbor 10.10.10.200 next-hop-self

ASBR1-AS1(config-router)# neighbor 10.10.10.200 send-label

ASBR1-AS1(config-router)# neighbor 172.16.3.2 remote-as 100

ASBR1-AS1(config-router)# neighbor 172.16.3.2 send-label

________________________________________________________________________

ASBR2-AS2(config)#interface Loopback0

ASBR2-AS2(config-if)# ip address 10.20.20.102 255.255.255.255

ASBR2-AS2(config-if)#exit

ASBR2-AS2(config)#mpls ldp router-id Loopback0

ASBR2-AS2(config-if)#interface Serial0/0

ASBR2-AS2(config-if)# ip address 10.20.20.5 255.255.255.252

ASBR2-AS2(config-if)# mpls ip

ASBR2-AS2(config-if)#interface Serial1/0

ASBR2-AS2(config-if)# ip address 172.16.4.1 255.255.255.252

ASBR2-AS2(config-if)#router ospf 2

ASBR2-AS2(config-router)# router-id 10.20.20.102

ASBR2-AS2(config-router)# network 10.0.0.0 0.255.255.255 area 0

ASBR2-AS2(config-router)#router bgp 2

ASBR2-AS2(config-router)# network 10.20.20.101 mask 255.255.255.255

ASBR2-AS2(config-router)# network 10.20.20.200 mask 255.255.255.255

ASBR2-AS2(config-router)# neighbor 10.20.20.200 remote-as 2

ASBR2-AS2(config-router)# neighbor 10.20.20.200 update-source Loopback0

ASBR2-AS2(config-router)# neighbor 10.20.20.200 next-hop-self

ASBR2-AS2(config-router)# neighbor 10.20.20.200 send-label

ASBR2-AS2(config-router)# neighbor 172.16.4.2 remote-as 100

ASBR2-AS2(config-router)# neighbor 172.16.4.2 send-label
 

Step 3.

Configure MP-eBGP session between the RRs – In this step, you configure an MP-eBGP session between the RR as shown in Example 7-25. Before performing this step, ensure that the loopback addresses on the RRs are reachable. Ensure that P1-AS1-RR and P1-AS2-RR serve both as an IPv4 and VPNv4 RR.
 

Example 7-25. Configure MP-eBGP Session Between the RRs

P1-AS1-RR(config)#router bgp 1

P1-AS1-RR(config-router)# no bgp default ipv4-unicast

P1-AS1-RR(config-router)# neighbor 10.10.10.101 remote-as 1

P1-AS1-RR(config-router)# neighbor 10.10.10.101 update-source Loopback0

P1-AS1-RR(config-router)# neighbor 10.10.10.102 remote-as 1

P1-AS1-RR(config-router)# neighbor 10.10.10.102 update-source Loopback0

P1-AS1-RR(config-router)# neighbor 10.20.20.200 remote-as 2

P1-AS1-RR(config-router)# neighbor 10.20.20.200 ebgp-multihop 10

P1-AS1-RR(config-router)# neighbor 10.20.20.200 update-source Loopback0

P1-AS1-RR(config-router)# address-family ipv4

P1-AS1-RR(config-router-af)# neighbor 10.10.10.101 activate

P1-AS1-RR(config-router-af)# neighbor 10.10.10.101 route-reflector-client

P1-AS1-RR(config-router-af)# neighbor 10.10.10.101 next-hop-self

P1-AS1-RR(config-router-af)# neighbor 10.10.10.101 send-label

P1-AS1-RR(config-router-af)# neighbor 10.10.10.102 activate

P1-AS1-RR(config-router-af)# neighbor 10.10.10.102 route-reflector-client

P1-AS1-RR(config-router-af)# neighbor 10.10.10.102 next-hop-self

P1-AS1-RR(config-router-af)# neighbor 10.10.10.102 send-label

P1-AS1-RR(config-router-af)# exit-address-family

P1-AS1-RR(config-router)# address-family vpnv4

P1-AS1-RR(config-router-af)# neighbor 10.10.10.101 activate

P1-AS1-RR(config-router-af)# neighbor 10.10.10.101 send-community extended

P1-AS1-RR(config-router-af)# neighbor 10.10.10.101 route-reflector-client

P1-AS1-RR(config-router-af)# neighbor 10.20.20.200 activate

P1-AS1-RR(config-router-af)# neighbor 10.20.20.200 send-community extended

P1-AS1-RR(config-router-af)# neighbor 10.20.20.200 next-hop-unchanged

___________________________________________________________________________

P1-AS2-RR(config)#router bgp 2

P1-AS2-RR(config-router)# no bgp default ipv4-unicast

P1-AS2-RR(config-router)# neighbor 10.10.10.200 remote-as 1

P1-AS2-RR(config-router)# neighbor 10.10.10.200 ebgp-multihop 10

P1-AS2-RR(config-router)# neighbor 10.10.10.200 update-source Loopback0

P1-AS2-RR(config-router)# neighbor 10.20.20.101 remote-as 2

P1-AS2-RR(config-router)# neighbor 10.20.20.101 update-source Loopback0

P1-AS2-RR(config-router)# neighbor 10.20.20.102 remote-as 2

P1-AS2-RR(config-router)# neighbor 10.20.20.102 update-source Loopback0

P1-AS2-RR(config-router)# address-family ipv4

P1-AS2-RR(config-router-af)# neighbor 10.20.20.101 activate

P1-AS2-RR(config-router-af)# neighbor 10.20.20.101 route-reflector-client

P1-AS2-RR(config-router-af)# neighbor 10.20.20.101 next-hop-self

P1-AS2-RR(config-router-af)# neighbor 10.20.20.101 send-label

P1-AS2-RR(config-router-af)# neighbor 10.20.20.102 activate

P1-AS2-RR(config-router-af)# neighbor 10.20.20.102 route-reflector-client

P1-AS2-RR(config-router-af)# neighbor 10.20.20.102 next-hop-self

P1-AS2-RR(config-router-af)# neighbor 10.20.20.102 send-label

P1-AS2-RR(config-router-af)# exit-address-family

P1-AS2-RR(config-router)# address-family vpnv4

P1-AS2-RR(config-router-af)# neighbor 10.10.10.200 activate

P1-AS2-RR(config-router-af)# neighbor 10.10.10.200 send-community extended

P1-AS2-RR(config-router-af)# neighbor 10.10.10.200 next-hop-unchanged

P1-AS2-RR(config-router-af)# neighbor 10.20.20.101 activate

P1-AS2-RR(config-router-af)# neighbor 10.20.20.101 send-community extended

P1-AS2-RR(config-router-af)# neighbor 10.20.20.101 route-reflector-client
 

ASBR and RR Configurations in Option 4

Example 7-26 shows the ASBR1, ASBR2, and RR configurations when using option 4.

Example 7-26. ASBR and RR Configurations

hostname ASBR1-AS1

!

ip cef

!

mpls ldp router-id Loopback0

!

interface Loopback0

 ip address 10.10.10.102 255.255.255.255

!

interface Serial0/0

 ip address 10.10.10.5 255.255.255.252

 mpls ip

!

interface Serial1/0

 ip address 172.16.3.1 255.255.255.252

 mpls bgp forwarding

!

router ospf 1

 router-id 10.10.10.102

 redistribute bgp 1 metric 1 subnets route-map from_AS100

 network 10.0.0.0 0.255.255.255 area 0

!

router bgp 1

 no synchronization

 network 10.10.10.101 mask 255.255.255.255

 network 10.10.10.102 mask 255.255.255.255

 network 10.10.10.200 mask 255.255.255.255

 network 100.100.100.100 mask 255.255.255.255

 neighbor 172.16.3.2 remote-as 100

 neighbor 172.16.3.2 send-label

 no auto-summary

!

ip access-list standard from_AS100

 permit 10.20.20.102

 permit 10.20.20.101

 permit 172.16.100.101

 permit 172.16.100.102

 permit 10.20.20.200

!

route-map from_AS100 permit 10

 match ip address from_AS100

_________________________________________________________________________

hostname ASBR2-AS2

!

ip cef

!

mpls ldp router-id Loopback0

!

 interface Loopback0

 ip address 10.20.20.102 255.255.255.255

!

interface Serial0/0

 ip address 10.20.20.5 255.255.255.252

 mpls ip

!

interface Serial1/0

 ip address 172.16.4.1 255.255.255.252

 mpls bgp forwarding

!

router ospf 2

 router-id 10.20.20.102

 redistribute bgp 2 metric 1 subnets route-map from_AS100

 network 10.0.0.0 0.255.255.255 area 0

!

router bgp 2

 no synchronization

 network 10.20.20.101 mask 255.255.255.255

 network 10.20.20.102 mask 255.255.255.255

 network 10.20.20.200 mask 255.255.255.255

 network 100.100.100.101 mask 255.255.255.255

 neighbor 172.16.4.2 remote-as 100

 neighbor 172.16.4.2 send-label

 no auto-summary

!

ip access-list standard from_AS100

 permit 10.10.10.102

 permit 10.10.10.101

 permit 172.16.100.101

 permit 172.16.100.102

 permit 10.10.10.200

!

route-map from_AS100 permit 10

 match ip address from_AS100

_________________________________________________________________________

hostname ASBR1-AS100

!

ip cef

!

interface Loopback0

 ip address 172.16.100.101 255.255.255.255

!

interface Serial0/0

 ip address 172.16.100.1 255.255.255.252

 mpls ip

!

interface Serial1/0

 ip address 172.16.3.2 255.255.255.252

 mpls bgp forwarding

!

router ospf 100

 network 172.16.100.0 0.0.0.255 area 0

!

router bgp 100

 no synchronization

 network 172.16.100.101 mask 255.255.255.255

 neighbor 172.16.3.1 remote-as 1

 neighbor 172.16.3.1 send-label

 neighbor 172.16.100.102 remote-as 100

neighbor 172.16.100.102 next-hop-self

 neighbor 172.16.100.102 update-source Loopback0

 neighbor 172.16.100.102 send-label

 no auto-summary

_________________________________________________________________________

hostname ASBR2-AS100

!

ip cef

!

interface Loopback0

 ip address 172.16.100.102 255.255.255.255

!

interface Serial0/0

 ip address 172.16.100.2 255.255.255.252

 mpls ip

!

interface Serial1/0

 ip address 172.16.4.2 255.255.255.252

 mpls bgp forwarding

!

router ospf 100

network 172.16.100.0 0.0.0.255 area 0

!

router bgp 100

 no synchronization

 network 172.16.100.102 mask 255.255.255.255

 neighbor 172.16.4.1 remote-as 2

 neighbor 172.16.4.1 send-label

 neighbor 172.16.100.101 remote-as 100

 neighbor 172.16.100.101 update-source Loopback0

neighbor 172.16.100.101 next-hop-self

 neighbor 172.16.100.101 send-label

 no auto-summary

_________________________________________________________________________

hostname P1-AS1-RR

!

ip cef

!

mpls ldp router-id Loopback0

!

interface Loopback0

 ip address 10.10.10.200 255.255.255.255

!

interface Serial0/0

 ip address 10.10.10.2 255.255.255.252

 mpls ip

!

interface Serial1/0

 ip address 10.10.10.6 255.255.255.252

 mpls ip

!

router ospf 1

 router-id 10.10.10.200

 network 10.0.0.0 0.255.255.255 area 0

!

router bgp 1

 no bgp default ipv4-unicast

 neighbor 10.10.10.101 remote-as 1

 neighbor 10.10.10.101 update-source Loopback0

 neighbor 10.20.20.200 remote-as 2

 neighbor 10.20.20.200 ebgp-multihop 255

 neighbor 10.20.20.200 update-source Loopback0

 !

 address-family vpnv4

 neighbor 10.10.10.101 activate

 neighbor 10.10.10.101 route-reflector-client

 neighbor 10.10.10.101 send-community extended

 neighbor 10.20.20.200 activate

 neighbor 10.20.20.200 next-hop-unchanged

 neighbor 10.20.20.200 send-community extended

 exit-address-family

hostname P1-AS2-RR

!

ip cef

!

mpls ldp router-id Loopback0

!

interface Loopback0

 ip address 10.20.20.200 255.255.255.255

!

interface Serial0/0

 ip address 10.20.20.6 255.255.255.252

 mpls ip

!

interface Serial1/0

 ip address 10.20.20.2 255.255.255.252

 mpls ip

!

router ospf 2

 router-id 10.20.20.200

 network 10.0.0.0 0.255.255.255 area 0

!

router bgp 2

 no bgp default ipv4-unicast

 neighbor 10.10.10.200 remote-as 1

 neighbor 10.10.10.200 ebgp-multihop 255

 neighbor 10.10.10.200 update-source Loopback0

 neighbor 10.20.20.101 remote-as 2

 neighbor 10.20.20.101 update-source Loopback0

 !

 address-family vpnv4

 neighbor 10.10.10.200 activate

 neighbor 10.10.10.200 next-hop-unchanged

 neighbor 10.10.10.200 send-community extended

 neighbor 10.20.20.101 activate

 neighbor 10.20.20.101 route-reflector-client

 neighbor 10.20.20.101 send-community extended

 exit-address-family

 

Verifying Inter-Provider VPN Operation Using Option 4

The steps to verify inter-provider VPN operation using option 4 are

Step 1.

Verify control plane forwarding with option 4 – Figure 7-35 shows the control plane forwarding operation when the 172.16.10.0/24 prefix is propagated across the multiprovider networks AS1 and AS2 to CE2-A.
 

Figure 7-35. Control Plane Forwarding in Option 4

 

Step 2.

Verify data forwarding in option 4 – Figure 7-36 shows the data plane forwarding operation when a packet is sent from 172.16.20.1 to 172.16.10.1.
 

Figure 7-36. Data Forwarding in Option 4

 

Step 3.

Verify end-to-end connectivity via ping – Verify end-to-end connectivity between Customer A networks (172.16.10.0/24 and 172.16.20.0/24) and Customer B networks (192.168.10.0/24 and 192.168.20.0/24). Example 7-27 shows the result of the ping operation.
 

Example 7-27. Verify End-to-End Connectivity

CE1-A#ping 172.16.20.1 source 172.16.10.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.16.20.1, timeout is 2 seconds:

Packet sent with a source address of 172.16.10.1

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 140/140/140 ms

__________________________________________________________________________

CE1-B#ping 192.168.20.1 source 192.168.10.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.20.1, timeout is 2 seconds:

Packet sent with a source address of 192.168.10.1

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 132/138/140 ms
 




MPLS Configuration on Cisco IOS Software
MPLS Configuration on Cisco IOS Software
ISBN: 1587051990
EAN: 2147483647
Year: 2006
Pages: 130
Simiral book on Amazon

Flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net