CISCO Networkers 2003 - Deploying MPLS-VPN PDF
Session RST-2061
Copyright © 2003, Cisco Systems, Inc. All rights reserved. Printed in USA.
Agenda
• Prerequisites
• Background
• Theory
• Practice
• Route Reflectors
• Carrier’s Carrier
• Inter-AS
• Import/Export Maps
Prerequisites
Recommended Reading
Background—Why Have MPLS-VPNs?
• Tag switching came about from Ipsilon’s IP switching
• Cisco’s tag switching begat MPLS
• One of the fundamentals of tag switching was label stacking
• Label stacking allows the network to transport data across it without needing routing information in the core
  Like a frame relay network doesn’t need IP routing
• MPLS-VPN = label stacking + BGP extensions
Overlay Network
• Provider sells a circuit service
• Customer purchases circuits to connect sites, runs IP
• N sites, (N*(N-1))/2 circuits for full mesh—expensive
• The big scalability issue here is routing peers—N sites, each site has N-1 peers
• Hub and spoke is popular, suffers from the same N-1 number of routing peers
• Hub and spoke with static routes is simpler, still buying N-1 circuits from hub to spokes
• Spokes distant from hubs could mean lots of long-haul circuits
[Figure label: Provider (FR, ATM, etc.)]
Peer Network
• Provider and customer exchange IP routing information directly
  Customer only has one routing peer per site
• Need to separate customer’s IP network from provider’s network
  Customer A and Customer B need to not talk to each other
  Customer A and Customer B may have the same address space (10.0.0.0/8, 161.44.0.0/16, etc.)
• VPN is provisioned and run by the provider
• MPLS-VPN does this without p2p connections
Terminology, 1/2
• RR—Route Reflector
  A router (usually not involved in packet forwarding) that distributes BGP routes within a provider’s network
• PE—Provider Edge router
  The interface between the customer and the MPLS-VPN network; only PEs (and maybe RRs) know anything about MPLS-VPN routes
• P—Provider router
  A router in the core of the MPLS-VPN network, speaks LDP/RSVP but not VPNv4
• CE—Customer Edge router
  The customer router which connects to the PE; does not know anything about labels, only IP (most of the time)
• LDP—Label Distribution Protocol
  Distributes labels within a provider’s network that mirror the IGP, one way to get from one PE to another
• LSP—Label Switched Path
  The chain of labels that are swapped at each hop to get from one PE to another
Terminology, 2/2
• VPNv4
  Address family used in BGP to carry MPLS-VPN routes
• RD
  Route Distinguisher, used to uniquely identify the same network/mask from different VRFs (i.e., 10.0.0.0/8 from VPN A and 10.0.0.0/8 from VPN B)
• RT
  Route Target, used to control import and export policies, to build arbitrary VPN topologies for customers
Theory
VRFs
• Within a VRF, provider speaks a routing protocol with their customer
• Most protocols are supported
  Static routes
  RIP
  BGP
  EIGRP
  OSPF
• Packets will never go between int. 0 and 1 unless allowed by VRF policy
  Will explain this policy in the next section
• No MPLS yet…
[Figure labels: interfaces 0 and 1; VPN-A; VPN-B; VRF for VPN-B; CE; 146.12.7.0/24]
Carrying VPN Routes in BGP
Additions to BGP to Carry MPLS-VPN Info
Route Distinguisher
• To differentiate 10.0.0.0/8 in VPN-A from 10.0.0.0/8 in VPN-B
• 64-bit quantity
• Configured as ASN:YY or IPADDR:YY
  Almost everybody uses ASN
• Purely to make a route unique
  Unique route is now RD:IPAddr (96 bits) plus a mask on the IPAddr portion
  So customers don’t see each other’s routes
  So route reflectors make a bestpath decision on something other than 32-bit network + 32-bit mask
VPNv4
Route Target
• To control policy about who sees what routes
• 64-bit quantity (2 bytes type, 6 bytes value)
• Carried as an extended community
• Typically written as ASN:YY
• Each VRF ‘imports’ and ‘exports’ one or more RTs
  Exported RTs are carried in VPNv4 BGP
  Imported RTs are local to the box
• A PE that imports an RT installs that route in its routing table
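
The following Python sketch is an added example, not part of the original slides: it encodes the RD and RT as the 64-bit values described above (type codes as in RFC 4364 and RFC 4360) and shows that the RD only keeps overlapping prefixes apart in BGP, while the RT import list decides which VRF installs a route. The VRF names, RDs and RTs are constructed sample values.

```python
import ipaddress
import struct

def encode_rd(rd):
    """8-byte RD: type 0 = ASN:YY (2-byte ASN, 4-byte number), type 1 = IPADDR:YY."""
    admin, _, number = rd.rpartition(":")
    if "." in admin:
        return struct.pack("!H4sH", 1, ipaddress.IPv4Address(admin).packed, int(number))
    return struct.pack("!HHI", 0, int(admin), int(number))

def encode_rt(rt):
    """8-byte Route Target extended community: 2 bytes type (0x00, 0x02), 6 bytes ASN:YY."""
    asn, number = rt.split(":")
    return struct.pack("!BBHI", 0x00, 0x02, int(asn), int(number))

def vpnv4_key(rd, prefix):
    """RD (64 bits) + IPv4 address (32 bits) = 96 bits, plus the mask length."""
    net = ipaddress.IPv4Network(prefix)
    return encode_rd(rd) + net.network_address.packed, net.prefixlen

class Vrf:
    def __init__(self, name, rd, imports, exports):
        self.name, self.rd = name, rd
        self.imports = {encode_rt(rt) for rt in imports}   # local to the box
        self.exports = {encode_rt(rt) for rt in exports}   # carried in VPNv4 BGP
        self.table = {}                                    # IPv4 prefix -> origin VRF

    def export(self, prefix):
        """Build the VPNv4 update a PE would send for a customer prefix."""
        return {"key": vpnv4_key(self.rd, prefix), "prefix": prefix,
                "rts": self.exports, "origin": self.name}

    def maybe_import(self, update):
        """Install the route only if one of its RTs is in this VRF's import list."""
        if self.imports & update["rts"]:
            self.table[update["prefix"]] = update["origin"]
            return True
        return False

def demo():
    # Constructed sample: two customers using the same 10.0.0.0/8, two sites each.
    a1 = Vrf("VPN-A/site1", "100:1", ["100:10"], ["100:10"])
    a2 = Vrf("VPN-A/site2", "100:1", ["100:10"], ["100:10"])
    b1 = Vrf("VPN-B/site1", "100:2", ["100:20"], ["100:20"])
    b2 = Vrf("VPN-B/site2", "100:2", ["100:20"], ["100:20"])
    # What a route reflector holds: one entry per distinct RD:prefix.
    updates = (a1.export("10.0.0.0/8"), b1.export("10.0.0.0/8"))
    bgp_table = {u["key"]: u for u in updates}
    for vrf in (a2, b2):
        for update in bgp_table.values():
            vrf.maybe_import(update)
    return len(bgp_table), a2.table, b2.table

if __name__ == "__main__":
    print(demo())
```

Both 10.0.0.0/8 routes survive in the BGP table because their RDs differ, and each remote VRF installs only the route whose RT it imports.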
[Figure: control-plane walkthrough in five steps across CEs, PE1 to PE3 and P1 to P3, with sites of VPN A, VPN B and VPN C (CE-PE routing shown as Static, RIPv2, OSPF, BGP or IGP/EBGP). A CE advertises Net=16.1/16 over IGP/EBGP; between PEs the route is carried in BGP as VPN-IPv4 with Net=RD:16.1/16, NH=PE1, a Route Target and Label=42; it is advertised again as Net=16.1/16 over IGP/EBGP at the remote site.]
MPLS-VPN Packet Forwarding
Putting It All Together—Forwarding Plane
[Figure: forwarding-plane walkthrough in four steps for a packet with IP Dest=16.1.1.1 sent from VPN A/Site 2 (16.2/16, CEA3) to VPN A/Site 1 (16.1/16, CEA1). The VPN-IPv4 route is Net=RD:16.1/16, NH=PE1, Label=42. The packet is shown first as plain IP, then with Label N (Dest=PE1) on top of Label 42 (Dest=CEa1), then with Label 42 only, then as plain IP again.]
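
An added Python walk-through of the forwarding plane in the figure above (not part of the original slides): the ingress PE pushes a two-label stack, P routers act only on the top label, and VPN label 42 selects the customer at the egress PE. Label 42 and 16.1/16 come from the figure; the values 17 and 18 standing in for "Label N", the P3 to P2 path and the penultimate-hop pop are assumptions.

```python
import ipaddress
import struct

# Constructed tables. 42 is the VPN label from the slide; 17 and 18 stand in for "Label N".
VRF_A_ON_PE3 = {"16.1.0.0/16": {"vpn_label": 42, "bgp_next_hop": "PE1"}}
LDP_ON_PE3 = {"PE1": (17, "P3")}            # outer label and next router toward PE1
LFIB = {
    "P3": {17: ("swap", 18, "P2")},
    "P2": {18: ("pop", None, "PE1")},       # assumed penultimate-hop pop
    "PE1": {42: ("pop", None, "CEA1")},     # VPN label picks the VRF interface
}

def encode_stack(labels, ttl=255):
    """Wire format of a label stack: label(20) | exp(3) | S(1) | ttl(8) per entry."""
    out = b""
    for i, label in enumerate(labels):
        bottom = 1 if i == len(labels) - 1 else 0
        out += struct.pack("!I", (label << 12) | (bottom << 8) | ttl)
    return out

def ingress(dst):
    """PE3: look the destination up in the VRF, then push VPN label and LDP label."""
    addr = ipaddress.ip_address(dst)
    for prefix, route in VRF_A_ON_PE3.items():
        if addr in ipaddress.ip_network(prefix):
            outer, next_router = LDP_ON_PE3[route["bgp_next_hop"]]
            return [outer, route["vpn_label"]], next_router
    raise LookupError("no route for %s in this VRF" % dst)

def forward(dst):
    """Return the label stack after each router and the final recipient."""
    labels, router = ingress(dst)
    trace = [("PE3", list(labels))]
    while labels:
        # Only the top label is read; the customer address is never consulted.
        action, new_label, next_router = LFIB[router][labels[0]]
        labels = labels[1:] if action == "pop" else [new_label] + labels[1:]
        trace.append((router, list(labels)))
        router = next_router
    return trace, router

if __name__ == "__main__":
    print(forward("16.1.1.1"))
    print(encode_stack([17, 42]).hex())
```

The P routers' tables hold no customer prefix at all, which is why overlapping customer address space never reaches the core.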
Import/Export Policies
• Full mesh:
All sites import X:Y and export X:Y
Full Mesh
All Clients Get All 16.Z/16 Routes Because All Sites Import and Export X:Y
[Figure: VPN A sites with prefixes 16.1/16 through 16.5/16 attached through their CEs to the provider network (P3, PE3)]
Hub and Spoke
[Figure: hub-and-spoke VPN A topology (sites 16.1/16 through 16.4/16, PE3); surviving labels: "0/0" and "2) Spokes Export: Net=X:S:16.X/16"]
Things to Note
[Figure: PE1 with 1.1.1.1/32 and PE2 with 1.1.1.2/32; P1 holds 1.1.1.0/24 with L:42; PE3 sends Label 42 (Dest=PE1) on top of the VRF Label (Dest=CEa1); the next step is marked "?"]
Prerequisites
Global Config on PE
ip cef {distributed}
mpls ip (on by default)
Build a VRF
Global Config on PE
ip vrf foo
 rd 100:1
 route-target import 247:1
 route-target export 247:1
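
An added example in Python (not Cisco's or the presenter's code): it parses `ip vrf` stanzas of the form shown above and reports which VRFs receive routes from which others through matching route-targets, since one stray import is enough for a VPN to see another VPN's routes. Only VRF `foo` is from the slide; `bar`, `spoke` and their RD/RT values are constructed, and the audit sees only the configuration text it is given.

```python
import re

# Constructed sample; only the "foo" stanza is taken from the slide.
SAMPLE_CONFIG = """\
ip vrf foo
 rd 100:1
 route-target import 247:1
 route-target export 247:1
!
ip vrf bar
 rd 100:2
 route-target both 247:2
 route-target import 247:1
!
ip vrf spoke
 rd 100:3
 route-target export 247:30
 route-target import 247:31
!
interface Serial0
 ip vrf forwarding foo
"""

def parse_vrfs(config):
    """Return {vrf name: {"rd": str, "import": set, "export": set}}."""
    vrfs, current = {}, None
    for raw in config.splitlines():
        header = re.fullmatch(r"ip vrf (\S+)\s*", raw)
        if header:
            current = vrfs.setdefault(
                header.group(1), {"rd": None, "import": set(), "export": set()})
        elif not raw.startswith(" "):      # any other top-level line ends the stanza
            current = None
        elif current is not None:
            line = raw.strip()
            rd = re.fullmatch(r"rd (\S+)", line)
            rt = re.fullmatch(r"route-target (import|export|both) (\S+)", line)
            if rd:
                current["rd"] = rd.group(1)
            elif rt:
                kinds = ("import", "export") if rt.group(1) == "both" else (rt.group(1),)
                for kind in kinds:
                    current[kind].add(rt.group(2))
    return vrfs

def audit(vrfs):
    """Route flows between VRFs implied by RT policy, plus unmatched RTs."""
    flows = []
    for src, s in sorted(vrfs.items()):
        for dst, d in sorted(vrfs.items()):
            shared = s["export"] & d["import"]
            if src != dst and shared:
                flows.append((src, dst, sorted(shared)))
    pairs = {(src, dst) for src, dst, _ in flows}
    exported = set().union(*(v["export"] for v in vrfs.values()))
    imported = set().union(*(v["import"] for v in vrfs.values()))
    return {
        "flows": flows,
        # one-way flows are normal for hub and spoke, a leak candidate otherwise
        "one_way": sorted(p for p in pairs if (p[1], p[0]) not in pairs),
        "export_never_imported": sorted(exported - imported),
        "import_never_exported": sorted(imported - exported),
    }

if __name__ == "__main__":
    print(audit(parse_vrfs(SAMPLE_CONFIG)))
```

In the sample, `bar` imports 247:1 and therefore receives every route `foo` exports, although nothing in `foo`'s own stanza shows it.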
Attach a VRF to a Customer Interface
interface Serial0
 ip vrf forwarding foo
 ip address 10.1.1.1 255.255.255.0
[Figure: CE1 (10.1.1.2) connected to PE1 (10.1.1.1)]
router rip
 address-family ipv4 vrf foo
  version 2
  no auto-summary
  network 10.0.0.0
 exit-address-family
Run an IGP within a VRF—EIGRP
router eigrp 1
 address-family ipv4 vrf foo
  network 10.1.1.0 0.0.0.255
  autonomous-system 1
 exit-address-family
Run BGP within a VRF
[Figure: PE1 and PE2 joined by an iBGP VPNv4 session; address label 1.2.3.4]
Get Routes from Customer Routing to VPNv4
• If CE routing is not BGP, need to redistribute into BGP
• NOTE: this means you *need* an IPv4 VRF BGP context to get routes into the PE backbone, even if you don’t have any BGP neighbors in the VRF
• IGP metric is usually carried as MED, unless changed
  EIGRP is an exception, carries the 5-part metric as BGP extended communities
router rip
 address-family ipv4 vrf foo
  version 2
  redistribute bgp 3402 metric 1
  no auto-summary
  network 10.0.0.0
 exit-address-family
Diagnostics on the PE
…etc…
See the session on “Troubleshooting MPLS-VPN” (RST-3061) for more information
Route Reflectors
• Biggest scaling hurdle with MPLS-VPN is BGP
• Luckily, we have lots of experience scaling BGP
• Can use confederations or route reflectors
Confederations falling out of favor
• Full iBGP mesh is a lot of neighbors to maintain on every router
• N^2 provisioning when a PE is added, and VPN networks are growing constantly
Route Reflectors—Basic Configuration
[Figure: PE1 (1.2.3.6) and RR (1.2.3.4) joined by an iBGP VPNv4 session]
Client
 neighbor 1.2.3.4 remote-as 3402
 neighbor 1.2.3.4 update-source loopback0
Reflector
router bgp 3402
 [no bgp default route-target filter]   (On by Default If Configured with RR-clients)
 neighbor 1.2.3.6 remote-as 3402
 neighbor 1.2.3.6 update-source loopback0
 address-family vpnv4
  neighbor 1.2.3.6 route-reflector-client
Route Reflectors—Peer Groups
• Use peer groups for a tremendous convergence improvement
• On the RR
  neighbor foo peer-group
  neighbor 1.2.3.6 peer-group foo
• …then apply a common output policy to neighbor foo
• See the deploying BGP session for more details and knobs (RST-3003)
Route Reflectors—Other Tweaks
BGP + Label
Carrier’s Carrier: The Problem
[Figure: ISP A/Site 1 (CEA1) and ISP A/Site 2 (CEA3) attached to the MPLS-VPN backbone (PE1 to PE3, P1 to P3), running iBGP IPv4 between the sites; an IP packet with Dest=Internet enters at Step 1]
Carrier’s Carrier: The Problem (VPN)
[Figure: the same topology (CEA1, P3, PE3, ISP A/Site 2) with iBGP VPNv4 between the ISP sites; Step 1]
Carrier’s Carrier: The Solution (Internet)
[Figure: four-step forwarding walkthrough for an IP packet with Dest=Internet between VPN A/Site 2 (CEA3) and VPN A/Site 1 (CEA1, toward the Internet). On the CE-PE link the packet carries Label (LDP/BGP+Label) Dest=CEa1; in the backbone it carries Label (LDP/TE) Dest=PE1 on top of Label (VPNv4/IBGP) Dest=CEa1; toward the far CE it carries Label (VPNv4) Dest=CEa1 and is finally delivered as IP.]
[Figure: the same four-step walkthrough for an IP packet with Dest=VPN1-Cust. The packet carries Label (iBGP VPNv4) Dest=VPN1 throughout; on the CE-PE link Label (LDP/BGP) Dest=CEa1 is added on top; in the backbone the stack is Label (LDP/TE) Dest=PE1, Label (VPNv4) Dest=CEa1, Label (VPNv4) Dest=VPN1; the packet is delivered to VPN1-Cust as IP.]
VPN Client Connectivity
[Figure: VPN-A-1 (CE-1, PE-1, Edge Router1, AS #1) and VPN-A-2 (CE2, PE2, Edge Router2, AS #2), prefix 149.27.2.0/24. CE-1 advertises 149.27.2.0/24, NH=CE-1 over BGP, OSPF or RIPv2; PE-1 sends VPN-v4 Update: RD:1:27:149.27.2.0/24, NH=PE-1, RT=1:231, Label=(28); the VPN-A VRF imports routes with Route-target 1:231. Caption: How to Distribute Routes between SPs?]
[Figure: AS #1 (PE-1, CE-1, PE-ASBR-1) and AS #2 (PE-2, CE-2, PE-ASBR-2) with two alternatives: MP-eBGP for VPNv4 between the PE-ASBRs, or Multihop MP-eBGP between RRs]
EBGP VPNv4
• Gateway PE-ASBRs exchange routes directly
using BGP
External MP-BGP for VPNv4 prefix exchange; no LDP or IGP
[Figure: EBGP for VPNv4 between PE-ASBR-1 (AS #1) and PE-ASBR-2 (AS #2), with the caption "Label Exchange between Gateway PE-ASBR Routers Using EBGP"; PE-1, PE-2 and CE-1 through CE-4 attach behind them]
[Figures: EBGP VPNv4 route distribution and packet forwarding between VPN-B-1 and VPN-B-2 for 152.12.4.0/24 (host 152.12.4.1), through CE-2, PE-1, PE-ASBR-1, PE-ASBR-2, PE-2 and CE-3; the update and label detail did not survive extraction]
Multihop EBGP VPNv4 between RRs
[Figure: Multihop EBGP for VPNv4 with Next-hop-unchanged between RR-1 (AS #1) and RR-2 (AS #2); eBGP IPv4 + Labels between ASBR-1 and ASBR-2, captioned "ASBRs Exchange BGP Next-hop Addresses with Labels"; PE-1, PE-2 and CE-1 through CE-4 attach behind them]
[Figure: route distribution for 152.12.4.0/24 between VPN-B-1 and VPN-B-2. CE-2 advertises 152.12.4.0/24, NH=CE-2 over BGP, OSPF or RIPv2; the same VPN-v4 Update (RD:1:27:152.12.4.0/24, NH=PE-1, RT=1:222, Label=(L1)) is shown at RR-1, between the RRs and at RR-2, with NH=PE-1 throughout; the ASBRs advertise Network=PE-1 with NH=ASBR-1, Label=(L2) and with NH=ASBR-2, Label=(L3); CE-3 receives 152.12.4.0/24, NH=PE-2.]
[Figure: packet forwarding toward 152.12.4.1 between CE-3 and CE-2 in the same topology; label detail did not survive extraction]
• Best practices:
  Next-hop-self on ASBRs
  BGP+Label between ASBRs in RR peering case
  VPNv4 next-hops are not redistributed into IGP, but passed around in BGP+Label
EBGP VPNv4
[Figure: PE-1 and CE-1 (VPN-A-1) in AS #1, PE-2 and CE-4 (VPN-A-2) in AS #2; IBGP VPNv4 between each PE and its PE-ASBR, EBGP VPNv4 between PE-ASBR-1 and PE-ASBR-2]
router bgp 1
 no bgp default route-target filter
 address-family vpnv4
  neighbor <PE-1> next-hop-self
  neighbor <PE-ASBR2>
router bgp 2
 no bgp default route-target filter
 address-family vpnv4
  neighbor <PE-2> next-hop-self
  neighbor <PE-ASBR1>
Good: Easy, Simple to Do
BGP+Label Within and Between ASes
[Figure: Multihop EBGP for VPNv4 with Next-hop-unchanged between RR-1 (AS #1) and RR-2 (AS #2); BGP IPv4 + Labels toward and between ASBR-1 and ASBR-2; PE-1 and CE-1 (VPN-A-1) in AS #1, PE-2 and CE-4 (VPN-A-2) in AS #2]
router bgp <1|2>
 address-family ipv4
  neighbor <ASBR> send-label
router bgp 1
 neighbor <RR-2> remote-as 2
 address-family vpnv4
  neighbor <RR-2> activate
  neighbor <RR-2> next-hop-unchanged
Multihop EBGP VPNv4 between RRs
Packet Forwarding
Bad: More Complex
Import/Export Maps
How Do I Do This?
[Figure: AS42 with PE-1, PE-2 and PE-3 serving CE-1 (VPN-A-1), CE-2 (VPN-A-2) and CE-3 (VPN-A-3); prefixes 16.1.0.0/16 and 16.2.0.0/16]
Import/Export Maps: Theory
Conclusion