Static PE-CE Routing Overview, Configuration, and Verification

Static PE to CE routing is one of the most common routing techniques used in MPLS VPN deployments. Static PE-CE routing is an optimal solution for sites either having a single PE-CE connection or limited number of subnets in the customer edge (CE) network or both. Static PE to CE routing also prevents the customer or the service provider from intentionally or accidentally flooding each other with false routing information. The service provider therefore retains control over customer routing. Static PE-CE routing might increase the provider's operational and administrative overheads to maintain static routes. This is because static PE-CE routing does not provide dynamic rerouting and therefore requires additional configuration for every new prefix on the PE routers and possibly on the CE router in the absence of a default route.

Static PE-CE routing involves the following:

On a CE router:

  • Configuring static routes to specific remote CE networks in the same VPN

    or

  • Configuring a static default route

On a PE router:

  • Configuring a static VRF route to reach the connected CE router's networks. This static VRF route is redistributed in MP-iBGP and propagated as a VPNv4 prefix to the remote PE router.

The following are the advantages of using static PE-CE routing:

  • Simple to implement
  • Service provider retains control of customer routing
  • Promotes a stable environment

The following are the disadvantages of using static PE-CE routing:

  • No dynamic rerouting capability in failure scenarios
  • Increase in administrative and operational overhead for service providers to maintain static routes

Configuration Flowchart to Implement Static PE-CE Routing

Figure 4-1 shows the configuration flowchart to implement static PE-CE routing on PE routers.

Figure 4-1. Configuration Flowchart to Configure Static PE-CE Routing

Note

Refer to Chapter 3, "Basic MPLS Overview and Configuration," for a configuration flowchart to define VRF and its attribute.

 

Configuring Static PE-CE Routing

The network topology in Figure 4-2 depicts an ATM-based MPLS VPN provider network providing MPLS VPN services to Customer A sites, Site 1 and Site 2. The MPLS provider network comprises PE1-AS1 and PE2-AS1 as PE routers. P1-AS1 and P2-AS1 are LS1010 switches and function as provider routers. The MPLS VPN provider network is running OSPF as the IGP routing protocol on PE1-AS1, P1-AS1, P2-AS1, and PE2-AS1. PE routers PE1-AS1 and PE2-AS1 are configured for MP-iBGP connectivity.

Figure 4-2. Provider Network Implementing Static PE-CE Routing

Customer A wants to have connectivity between the Site 1 network (172.16.10.0/24) and Site 2 network (172.16.20.0/24). Site 1 and Site 2 belong to the same VPN, VPN-A. Site 1 and Site 2 comprise CE routers CE1-A and CE2-A, which are connected to PE1-AS1 and PE2-AS1, respectively. A static default route is configured on CE1-A and CE2-A routers. The MPLS VPN provider network plans to deploy static PE-CE routing on PE routers PE1-AS1 and PE2-AS1.

Prior to configuring static PE-CE routing, ensure that IP addresses are preconfigured and VRFs defined on PE router. Example 4-1 provides the configuration related to defining VRF and its attributes on PE routers for static PE-CE routing.

Example 4-1. Define VRF VRF-STATIC on PE Routers PE1-AS1 and PE2-AS1

PE1-AS1(config)#ip vrf VRF-STATIC

PE1-AS1(config-vrf)# rd 1:100

PE1-AS1(config-vrf)#route-target both 1:100

PE1-AS1(config-vrf)#interface FastEthernet0/0

PE1-AS1(config-if)# ip vrf forwarding VRF-STATIC

PE1-AS1(config-if)# ip address 172.16.1.1 255.255.255.252

__________________________________________________________________________

PE2-AS1(config)#ip vrf VRF-STATIC

PE2-AS1(config-vrf)# rd 1:100

PE2-AS1(config-vrf)# route-target both 1:100

PE2-AS1(config-vrf)#interface Ethernet1/0

PE2-AS1(config-if)# ip vrf forwarding VRF-STATIC

PE2-AS1(config-if)# ip address 172.16.2.1 255.255.255.252

The steps to configure static PE-CE routing are as follows:

Step 1.

Configure per VRF static route on PE routers – Configure per VRF static route for VRF VRF-STATIC on the PE1-AS1 and PE2-AS1 router. This is shown in Example 4-2.
 

Example 4-2. Configure per VRF Static Route on the PE Routers

PE1-AS1(config)#ip route vrf VRF-Static 172.16.10.0 255.255.255.0 172.16.1.2

_____________________________________________________________________________

PE2-AS1(config)#ip route vrf VRF-Static 172.16.20.0 255.255.255.0 172.16.2.2
 

Step 2.

Configure IPv4 address-family and redistribute in BGP – Create an IPv4 address family for VRF VRF-STATIC on the PE1-AS1 and PE2-AS1 router. Redistribute the per VRF static route configured in Step 1 into BGP on the PE1-AS1 and PE2-AS1 router. Also redistribute the connected interface in BGP on PE1-AS1 to ensure that the connected interface network is known to PE2-AS1 in order to reach the CE1-A network, 172.16.10.0. Instead of using the redistribute connected command, you can also use the BGP network command to advertise the connected interface. Example 4-3 demonstrates using the redistribute connected on PE1-AS1 and using BGP network command to advertise the connected interface on PE2-AS1.
 

Example 4-3. Configure IPv4 Address Family and Redistribution in BGP

PE1-AS1(config)#router bgp 1

PE1-AS1(config-router)#address-family ipv4 vrf VRF-STATIC

PE1-AS1(config-router-af)#redistribute static

PE1-AS1(config-router-af)#redistribute connected

____________________________________________________________________

PE2-AS1(config)#router bgp 1

PE2-AS1(config-router)#address-family ipv4 vrf VRF-STATIC

PE2-AS1(config-router-af)#redistribute static

PE2-AS1(config-router-af)#network 172.16.2.0 mask 255.255.255.252
 

Static PE-CE Routing – Final Device Configurations for CE Routers (CE1-A and CE2-A)

Example 4-4 shows CE router configurations for CE1-A and CE2-A.

Example 4-4. CE1-A and CE2-A Router Configuration

hostname CE1-A

!

interface Loopback0

 ip address 172.16.10.1 255.255.255.0

!

interface FastEthernet0/0

description connected to PE1-AS1

 ip address 172.16.1.2 255.255.255.252

!

ip route 0.0.0.0 0.0.0.0 172.16.1.1

__________________________________________________________________________

hostname CE2-A

!

interface Loopback0

 ip address 172.16.20.1 255.255.255.0

!

interface Ethernet0/0

description connected to PE2-AS1

 ip address 172.16.2.2 255.255.255.255.252

!

ip route 0.0.0.0 0.0.0.0 172.16.2.1

 

Static PE-CE Routing – Final Device Configuration for Provider Routers (P1-AS1 and P2-AS1)

Example 4-5 shows the configuration for LS1010 ATM switches performing the function of provider routers P1-AS1 and P2-AS1 in the MPLS VPN provider network.

Example 4-5. P1-AS1 and P2-AS1 Router Configuration

hostname P1-AS1

!

mpls label protocol ldp

mpls ldp router-id Loopback0

!

interface Loopback0

 ip address 10.10.10.200 255.255.255.255

!

interface ATM4/0/0

description connected to P2-AS1

ip address 10.10.10.5 255.255.255.252

mpls ip

!

interface ATM4/0/2

description connected to PE1-AS1

ip address 10.10.10.2 255.255.255.252

mpls ip

!

router ospf 1

 network 10.0.0.0 0.255.255.255 area 0

__________________________________________________________________________

hostname P2-AS1

!

mpls label protocol ldp

mpls ldp router-id Loopback0

!

interface Loopback0

 ip address 10.10.10.201 255.255.255.255

!

interface ATM4/0/0

description connected to P1-AS1

 ip address 10.10.10.6 255.255.255.252

 mpls ip

!

interface ATM4/0/1

description connected to PE2-AS1

 ip address 10.10.10.9 255.255.255.252

 mpls ip

!

router ospf 1

 network 10.0.0.0 0.255.255.255 area 0

 

Static PE-CE Routing – Final Device Configurations for PE Routers (PE1-AS1 and PE2-AS1)

Example 4-6 shows final configurations for PE1-AS1 and PE2-AS1 routers for static PE-CE routing.

Example 4-6. PE1-AS1 and PE2-AS1 Router Configurations

hostname PE1-AS1

!

ip cef

!

ip vrf VRF-STATIC

 rd 1:100

 route-target export 1:100

 route-target import 1:100

!

mpls label protocol ldp

mpls ldp router-id Loopback0

!

interface Loopback0

 ip address 10.10.10.101 255.255.255.255

!

interface FastEthernet0/0

 ip vrf forwarding VRF-STATIC

 ip address 172.16.1.1 255.255.255.252

!

interface ATM2/0

 no ip address

 no atm ilmi-keepalive

!

interface ATM2/0.1 mpls

 description Connection to P1-AS1

 ip address 10.10.10.1 255.255.255.252

mpls ip

!

router ospf 1

 network 10.0.0.0 0.255.255.255 area 0

!

router bgp 1

 no synchronization

 neighbor 10.10.10.102 remote-as 1

 neighbor 10.10.10.102 update-source Loopback0

 no auto-summary

 !

 address-family vpnv4

 neighbor 10.10.10.102 activate

 neighbor 10.10.10.102 send-community extended

 no auto-summary

 exit-address-family

 !

 address-family ipv4 vrf VRF-STATIC

 redistribute static

 redistribute connected

 no auto-summary

 no synchronization

 exit-address-family

!

ip classless

ip route vrf VRF-STATIC 172.16.10.0 255.255.255.0 172.16.1.2

__________________________________________________________________________

hostname PE2-AS1

!

ip cef

!

ip vrf VRF-STATIC

 rd 1:100

 route-target export 1:100

 route-target import 1:100

!

mpls label protocol ldp

mpls ldp router-id Loopback0

!

interface Loopback0

 ip address 10.10.10.102 255.255.255.255

!

interface Ethernet1/0

description connected to CE2-A

 ip vrf forwarding VRF-STATIC

 ip address 172.16.2.1 255.255.255.252

!

interface ATM2/0

 no ip address

!

interface ATM2/0.1 mpls

 description connected to P2-AS1

 ip address 10.10.10.10 255.255.255.252

 mpls ip

!

router ospf 100

 network 10.10.0.0 0.0.255.255 area 0

!

router bgp 1

 no synchronization

 neighbor 10.10.10.101 remote-as 1

 neighbor 10.10.10.101 update-source Loopback0

 no auto-summary

 !

 address-family vpnv4

 neighbor 10.10.10.101 activate

 neighbor 10.10.10.101 send-community extended

 no auto-summary

 exit-address-family

 !

 address-family ipv4 vrf VRF-STATIC

 no auto-summary

 no synchronization

 redistribute static

 network 172.16.2.0 mask 255.255.255.252

 exit-address-family

!

ip classless

ip route vrf VRF-STATIC 172.16.20.0 255.255.255.0 172.16.2.2

 

Verification of Static PE-CE Routing

The steps to verify static PE-CE routing are as follows:

Step 1.

Verify BGP VPNv4 routing tables on PE1-AS1 and PE2-AS1 – Check the BGP VPNv4 routing tables by issuing a show ip bgp vpnv4 vrf VRF-STATIC on the PE routers. Example 4-7 shows that PE1-AS1 and PE2-AS1 routers see routes for 172.16.20.0/24 (CE2-A) and 172.16.10.0/24 (CE1-A) networks in their BGP table. Note that 172.16.2.0 is advertised with IGP as the origin because it was advertised via network statement in BGP as compared to the 172.16.1.0/24 for which the origin code is incomplete because it was redistributed in BGP.
 

Example 4-7. BGP VPNv4 Routing Table

PE1-AS1#show ip bgp vpnv4 vrf VRF-STATIC

BGP table version is 67, local router ID is 10.10.10.101

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal

Origin codes: i - IGP, e - EGP, ? - incomplete



 Network Next Hop Metric LocPrf Weight Path

Route Distinguisher: 1:100 (default for vrf VRF-STATIC)

*> 172.16.1.0/30 0.0.0.0 0 32768 ?

*>i172.16.2.0/30 10.10.10.102 0 100 0 i

*> 172.16.10.0/24 172.16.1.2 0 32768 ?

*>i172.16.20.0/24 10.10.10.102 0 100 0 ?

________________________________________________________________________________

PE2-AS1#show ip bgp vpnv4 vrf VRF-STATIC

BGP table version is 61, local router ID is 10.10.10.102

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal

Origin codes: i - IGP, e - EGP, ? - incomplete



 Network Next Hop Metric LocPrf Weight Path

Route Distinguisher: 1:100 (default for vrf VRF-STATIC)

*>i172.16.1.0/30 10.10.10.101 0 100 0 ?

*> 172.16.2.0/30 0.0.0.0 0 32768 i

*>i172.16.10.0/24 10.10.10.101 0 100 0 ?

*> 172.16.20.0/24 172.16.2.2 0 32768 ?
 

Step 2.

Verify VRF routing table on PE1-AS1 and PE2-AS1 – Check the VRF routing table to determine if routes are received from connected CE and remote CE routers belonging to the same VPN. Example 4-8 shows that PE1-AS1 has received 172.16.20.0/24 (CE2-A) and 172.16.2.0/24 routes from the PE2-AS1 router.
 

Example 4-8. VRF-STATIC Routing Table on PE1-AS1 and PE2-AS1

PE1-AS1#show ip route vrf VRF-STATIC



 172.16.0.0/16 is variably subnetted, 4 subnets, 2 masks

B 172.16.20.0/24 [200/0] via 10.10.10.102, 00:02:12

S 172.16.10.0/24 [1/0] via 172.16.1.2

C 172.16.1.0/30 is directly connected, FastEthernet0/0

B 172.16.2.0/30 [200/0] via 10.10.10.102, 19:28:26

_____________________________________________________________________

PE2-AS1#show ip route vrf VRF-STATIC



 172.16.0.0/16 is variably subnetted, 4 subnets, 2 masks

S 172.16.20.0/24 [1/0] via 172.16.2.2

B 172.16.10.0/24 [200/0] via 10.10.10.101, 19:26:21

B 172.16.1.0/30 [200/0] via 10.10.10.101, 00:05:05

C 172.16.2.0/30 is directly connected, Ethernet1/0
 

Step 3.

Verify end-to-end connectivity using ping – Verify end-to-end connectivity between the CE1-A and CE2-A networks by issuing a ping from CE1-A to network 172.16.20.0/24 on CE2-A and vice versa. Example 4-9 shows that the ping has been successful.
 

Example 4-9. Verify Reachability via Ping

CE1-A#ping 172.16.20.1 source 172.16.10.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.16.20.1, timeout is 2 seconds:

Packet sent with a source address of 172.16.10.1

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

__________________________________________________________________________

CE2-A#ping 172.16.10.1 source 172.16.20.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.16.10.1, timeout is 2 seconds:

Packet sent with a source address of 172.16.20.1

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
 




MPLS Configuration on Cisco IOS Software
MPLS Configuration on Cisco IOS Software
ISBN: 1587051990
EAN: 2147483647
Year: 2006
Pages: 130
Simiral book on Amazon

Flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net