13.7 Route Distinguishers


If customers are using RFC 1918 addressing, it is possible for addresses to overlap between two different VPNs. This overlap is tolerable because with this implementation of VPNs, there is a special identifier that is carried with the traffic to preserve uniqueness. This VPN identifier is known as a route distinguisher (RD), which, as defined in RFC 2547, is used "to allow one to create distinct routes to a common IPv4 address prefix." The RD is a part of the VPN-IPv4 address family and is used to identify the VPN routes exchanged between PE routers. The notation for the VPN-IPv4 identifier is a 12-byte field that includes an 8-byte RD and a 4-byte IPv4 prefix. To break this down further, the RD field is divided into a 2-byte type field, and a 6-byte value field. The value of the type field will determine the encoding used by the RD. In other words, if the type field value is 0, then the RD will be encoded with an ASN. If the type field value is 1, then the RD will be an IP address. Figure 13-8 shows the structure of the RD.

Figure 13-8. Route Distinguisher (RD)


This VPN-IPv4 address family is an address notation used by the multiprotocol extensions of BGP that allow BGP to carry routes from multiple address families. Traditionally, BGP could only carry routes for IPv4. Through the use of these multiprotocol extensions defined in RFC 2858, BGP can now carry routes from other address families. This is how the route information that is exchanged between the service provider's PE routers is carried in 2547bis VPNs.

In this configuration, one PE router will service many different customers and will use the RD to prefix each customer's routes to uniquely identify its traffic. Figure 13-9 shows an example of how the RD is being used. Let's say that PE router Chicago has two different customer sites (CEs) connected using two different VPNs. The first site is Rome, and the other is Seattle. When PE router Chicago advertises the received routes from the two CE sites, they will be uniquely identified with an RD. The RD is represented either by an ASN and an assigned number or by an IP address and an assigned number. These values are chosen when configuring the routing-instance for the VPN. The next example will use the ASN. Chicago will add the RD 64000:100 to the route coming in from Rome and the RD 64000:200 for the route from Seattle. With the use of the RD, the two different 172.16.0.0 networks can be uniquely identified. If an IP address is used in the RD instead of an ASN, then the PE router will prefix the customer's routes with its own IP address. One uses the AS or a global IP simply to ensure uniqueness of the RD itself because these numbers are controlled. Hence, privately owned IP addresses or privately owned ASNs are always used to populate these fields.

Figure 13-9. Using a Route Distinguisher (RD)


In Figure 13-9, PE router New York receives the 10.100.0.0/16 routes from CE router Berlin and CE router Hong Kong. The New York PE router will add an RD based on its own IP address to distinguish it from other routes with the same prefix. The New York PE router will advertise the route from Berlin with an RD of 192.168.2.1:0 and the route from Hong Kong with an RD of 192.168.2.1:1. This, again, will uniquely identify the routes coming from different customers. This combination of the RD and the IP prefix is known as the VPNv4 address. The VPN routing information is distributed across the provider network and is exchanged between PE routers using BGP.
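The RD layout and the Chicago and New York examples above, worked through as an added example (not code from the book or from JUNOS): it packs type 0 and type 1 RDs, builds the 12-byte VPN-IPv4 address, and flags customer routes that collapse to the same VPN-IPv4 key when an RD is reused. The split of the 6-byte value field into administrator and assigned-number subfields follows RFC 2547 and is not spelled out on this page; the function names and the reused-RD route list are constructed for illustration.

```python
import ipaddress
import struct

def encode_rd(rd: str) -> bytes:
    """Pack 'ASN:number' (type 0) or 'IPv4:number' (type 1) into the 8-byte RD."""
    admin, _, assigned = rd.rpartition(":")
    number = int(assigned)
    if "." in admin:  # type 1: 4-byte IPv4 administrator + 2-byte assigned number
        if not 0 <= number <= 0xFFFF:
            raise ValueError("type 1 assigned number must fit in 2 bytes")
        return struct.pack("!H4sH", 1, ipaddress.IPv4Address(admin).packed, number)
    asn = int(admin)  # type 0: 2-byte ASN administrator + 4-byte assigned number
    if not (0 <= asn <= 0xFFFF and 0 <= number <= 0xFFFFFFFF):
        raise ValueError("type 0 needs a 2-byte ASN and a 4-byte assigned number")
    return struct.pack("!HHI", 0, asn, number)

def decode_rd(raw: bytes) -> str:
    """Unpack an 8-byte RD, using the 2-byte type field to pick the encoding."""
    if len(raw) != 8:
        raise ValueError("an RD is exactly 8 bytes")
    (rd_type,) = struct.unpack("!H", raw[:2])
    if rd_type == 0:
        asn, number = struct.unpack("!HI", raw[2:])
        return f"{asn}:{number}"
    if rd_type == 1:
        ip, number = struct.unpack("!4sH", raw[2:])
        return f"{ipaddress.IPv4Address(ip)}:{number}"
    raise ValueError(f"RD type {rd_type} is not covered by this example")

def vpn_ipv4(rd: str, prefix: str) -> bytes:
    """12-byte VPN-IPv4 address: the 8-byte RD followed by the 4-byte IPv4 prefix."""
    return encode_rd(rd) + ipaddress.IPv4Address(prefix).packed

def colliding_routes(routes):
    """Map each VPN-IPv4 key (hex) shared by more than one site to those sites."""
    seen = {}
    for site, rd, prefix in routes:
        seen.setdefault(vpn_ipv4(rd, prefix), []).append(site)
    return {key.hex(): sites for key, sites in seen.items() if len(sites) > 1}

# Routes and RDs as given in the text for PE routers Chicago and New York.
PAGE_ROUTES = [
    ("Rome", "64000:100", "172.16.0.0"),
    ("Seattle", "64000:200", "172.16.0.0"),
    ("Berlin", "192.168.2.1:0", "10.100.0.0"),
    ("Hong Kong", "192.168.2.1:1", "10.100.0.0"),
]
# Constructed misconfiguration: Seattle's VPN reuses Rome's RD.
MISCONFIGURED = PAGE_ROUTES[:1] + [("Seattle", "64000:100", "172.16.0.0")]
if __name__ == "__main__":
    print(colliding_routes(PAGE_ROUTES), colliding_routes(MISCONFIGURED))
```

With the RDs from the text, the overlapping 172.16.0.0 and 10.100.0.0 routes all map to different keys; with the reused RD, the Rome and Seattle routes become indistinguishable, which is the condition to audit for when assigning RDs per VPN.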

In this type of configuration, the provider's equipment includes the routers that make up their Internet network and provide the VPN and other services to customers. The provider equipment used for VPN services can be defined as PE routers and P routers. The PE routers are the workhorses of the service provider's VPN infrastructure. These routers connect the customer equipment to the service provider's network and are used in the VPN service as the beginning point and endpoint of the MPLS tunnel. These tunnels are used for forwarding the customer's traffic across the service provider's backbone. The PE routers must be able to support VPN services and have MPLS functionality. The P router sits in the service provider's infrastructure and does not connect to any customer equipment. It is used as a part of the MPLS path that the customer's traffic will flow on. These routers must have MPLS functionality, but do not need to support VPN services as the PE routers will initiate and terminate the VPN.

The customer equipment is made up of the CE router. The CE router is located on the customer's premises and is used to connect to the service provider's network. The customer can announce to the service provider the networks that should be used in the VPN by using static routes or configuring a dynamic routing protocol, such as RIP, OSPF, and BGP.

Note

In the JUNOS implementation, IS-IS for the CE router is not supported.




Juniper Networks Reference Guide. JUNOS Routing, Configuration, and Architecture
ISBN: 0201775921
EAN: 2147483647
Year: 2002
Pages: 176
