Option 1: Inter-Provider VPN Using Back-to-Back VRF Method

Option 1 Inter Provider VPN Using Back to Back VRF Method

The VRF-to-VRF approach is the simplest method for allowing MPLS VPN providers to exchange VPN routing information for CE sites in different MPLS domains. In this approach, the border provider edge (PE) routers residing in different autonomous systems function as ASBRs. These ASBRs are interconnected either via a single link consisting of logical subinterfaces or via multiple physical links. VRFs are configured on the ASBRs to collect VPN client routes. Each subinterface or interface connected between the ASBRs is dedicated to a single client VRF. The single client VRF can run eBGP, RIPv2, EIGRP, OSPF, or static routing to distribute the VPN routes to its adjacent peer. The use of eBGP is, however, the most common in back-to-back VRF method because eBGP scales best to this type of application, retaining the type of the route and offering better policy, scalability, and security mechanisms. In this method, the LSP paths in adjacent MPLS VPN autonomous systems are interconnected using the IP forwarding mechanism between the AS border routers.

Figure 7-4 shows an MPLS VPN network where sites in VPN-A and VPN-B are geographically dispersed. Site 1 and Site 2 in VPN-A have CE Routers CE1-A and CE2-A, which respectively connect to PE Routers PE1-AS1 and PE1-AS2, located in Service Provider 1 and Service Provider 2. Site 1 and Site 2 in VPN-B have CE Routers CE1-B and CE2-B, which respectively connect to PE Routers PE1-AS1 and PE1-AS2 located in Service Provider 1 and Service Provider 2.

Figure 7-4. Back-to-Back VRF Method

Service Provider 1 uses BGP AS 1 and Service Provider 2 uses BGP AS 2. PE1-ASBR1-AS1 and PE2-ASBR2-AS2 are ASBR routers that are connected by multiple subinterfaces. The interfaces are associated with a given VRF (Cust_A for VPN-A and Cust_B for VPN-B). Conventional routing is configured between MPLS VPN sites to distribute IPv4 routes to its peers. Therefore, the ASBR Router PE2-ASBR1-AS1 treats the other ASBR Router PE2-ASBR2-AS2 as if it was a CE router; similarly, PE2-ASBR2-AS2 also treats the PE1-ASBR1-AS1 as a CE router. This approach enhances the usability of MPLS VPN backbones; however, it also introduces greater complexity because it requires dedicated VPN links between the adjacent ASBRs. The VPN routing information that is passed between the two ASBR routers, PE2-ASBR1-AS1 and PE2-ASBR2-AS2, is in IPv4 format.

Control Plane Forwarding in Option 1

In the back-to-back VRF method, the ASBRs use the IP forwarding mechanism to interconnect the LSP path between the two different MPLS VPN entities. Figure 7-5 shows the path taken by the control packet for 172.16.10.0/24 originating from CE1-A to CE2-A.

Figure 7-5. Control Plane Forwarding in Back-to-Back VRF Method

Note

In this chapter, the control plane operation for VPN and LDP (IGP) label distribution is shown to occur simultaneously. This is done to provide more clarity to the entire operation and does not imply that they occur together. LDP label distribution can occur independent of the VPN label distribution.

Data Forwarding in Option 1

The data forwarding path originates from the 172.16.20.0 network (assuming the source is 172.16.20.1/24) with the traffic destined to 172.16.10.0 network (assuming the destination is 172.16.10.1). The source and destination are located on two different MPLS VPN provider networks. Figure 7-6 traces the path of the data packet from the source to the destination.

Figure 7-6. Data Forwarding in Back-to-Back VRF Method

Configuring Back-to-Back VRF Method

In this chapter, the configuration steps will be shown for routers that are responsible for Inter-AS operations. The configuration for back-to-back VRF method on the ASBR routers is similar to any configuration on a PE router providing VPN services:

CE CE1-A and CE2-A Configuration for Option 1

Example 7-3 shows the configurations on Customer A CE routers.

Example 7-3. CE CE1-A and CE2-A Configuration

hostname CE1-A ! interface Ethernet0/0 description Customer A Site 1 network ip address 172.16.10.1 255.255.255.0 ! interface Serial1/0 description connected to PE1-AS1 ip address 172.16.1.2 255.255.255.252 ! router bgp 65001 no synchronization bgp log-neighbor-changes network 172.16.10.0 mask 255.255.255.0 neighbor 172.16.1.1 remote-as 1 no auto-summary __________________________________________________________________________ hostname CE2-A ! interface Ethernet0/0 description Customer A Site 2 network ip address 172.16.20.1 255.255.255.0 ! interface Serial1/0 description connected to PE1-AS2 ip address 172.16.2.2 255.255.255.252 ! router bgp 65002 no synchronization bgp log-neighbor-changes network 172.16.20.0 mask 255.255.255.0 neighbor 172.16.2.1 remote-as 2 no auto-summary

Example 7-4 shows the configurations on Customer B CE routers.

Example 7-4. CE CE1-B and CE2-B Configuration

hostname CE1-B ! interface Ethernet0/0 description Customer B Site 1 network ip address 192.168.10.1 255.255.255.0 no keepalive ! interface Serial1/0 description connected to PE1-AS1 ip address 192.168.1.2 255.255.255.252 ! router bgp 65001 no synchronization bgp log-neighbor-changes network 192.168.10.0 neighbor 192.168.1.1 remote-as 1 no auto-summary hostname CE2-B ! interface Ethernet0/0 description Customer B Site 2 network ip address 192.168.20.1 255.255.255.0 no keepalive ! interface Serial1/0 description connected to PE1-AS2 ip address 192.168.2.2 255.255.255.252 ! router bgp 65001 no synchronization bgp log-neighbor-changes network 192.168.20.0 neighbor 192.168.2.1 remote-as 2 no auto-summary

Provider Router, PE, and PE ASBR Router Configurations for Option 1

Example 7-5 shows final configuration on the PE1, PE2, and P1 routers.

Example 7-5. Provider, PE, and ASBR Router Configurations

hostname PE1-AS1 ! ip cef ! ip vrf Cust_A rd 1:100 route-target export 1:100 route-target import 1:100 ! ip vrf Cust_B rd 1:101 route-target export 1:101 route-target import 1:101 ! mpls ldp router-id Loopback0 ! interface Loopback0 ip address 10.10.10.101 255.255.255.255 ! interface Serial0/0 description connected to P1-AS1 ip address 10.10.10.1 255.255.255.252 mpls ip ! interface Serial1/0 description connected to Cust_A CE1-A ip vrf forwarding Cust_A ip address 172.16.1.1 255.255.255.252 ! interface Serial2/0 description connected to Cust_B CE1-B ip vrf forwarding Cust_B ip address 192.168.1.1 255.255.255.252 ! router ospf 1 router-id 10.10.10.101 network 10.0.0.0 0.255.255.255 area 0 ! router bgp 1 no synchronization neighbor 10.10.10.200 remote-as 1 neighbor 10.10.10.200 update-source Loopback0 no auto-summary ! address-family vpnv4 neighbor 10.10.10.200 activate neighbor 10.10.10.200 send-community extended exit-address-family ! address-family ipv4 vrf Cust_B neighbor 192.168.1.2 remote-as 65001 neighbor 192.168.1.2 activate neighbor 192.168.1.2 as-override no auto-summary no synchronization exit-address-family ! address-family ipv4 vrf Cust_A neighbor 172.16.1.2 remote-as 65001 neighbor 172.16.1.2 activate no auto-summary no synchronization exit-address-family __________________________________________________________________________ hostname PE2-AS1-ASBR1 ! ip cef ! ip vrf Cust_A rd 1:100 route-target export 1:100 route-target import 1:100 ! ip vrf Cust_B rd 1:101 route-target export 1:101 route-target import 1:101 ! mpls ldp router-id Loopback0 ! interface Loopback0 ip address 10.10.10.102 255.255.255.255 ! interface Serial0/0 description connected to P1-AS1 ip address 10.10.10.5 255.255.255.252 mpls ip ! interface Serial1/0 no ip address encapsulation frame-relay ! interface Serial1/0.100 point-to-point description connected to Cust_A PE2-AS2-ASBR2 ip vrf forwarding Cust_A ip address 172.16.3.1 255.255.255.252 frame-relay interface-dlci 100 ! interface Serial1/0.200 point-to-point description connected to Cust_B PE2-AS2-ASBR2 ip vrf forwarding Cust_B ip address 192.168.3.1 255.255.255.252 frame-relay interface-dlci 200 ! router ospf 1 router-id 10.10.10.102 network 10.0.0.0 0.255.255.255 area 0 ! router bgp 1 no synchronization neighbor 10.10.10.200 remote-as 1 neighbor 10.10.10.200 update-source Loopback0 no auto-summary ! address-family vpnv4 neighbor 10.10.10.200 activate neighbor 10.10.10.200 send-community extended exit-address-family ! address-family ipv4 vrf Cust_B neighbor 192.168.3.2 remote-as 2 neighbor 192.168.3.2 activate no auto-summary no synchronization exit-address-family ! address-family ipv4 vrf Cust_A neighbor 172.16.3.2 remote-as 2 neighbor 172.16.3.2 activate no auto-summary no synchronization exit-address-family __________________________________________________________________________ hostname P1-AS1-RR ! ip cef ! mpls ldp router-id Loopback0 ! interface Loopback0 ip address 10.10.10.200 255.255.255.255 ! interface Serial0/0 description connected to PE1-AS1 ip address 10.10.10.2 255.255.255.252 mpls ip ! interface Serial1/0 description connected to PE2-AS1-ASBR1 ip address 10.10.10.6 255.255.255.252 mpls ip ! router ospf 1 router-id 10.10.10.200 log-adjacency-changes network 10.0.0.0 0.255.255.255 area 0 ! router bgp 1 no bgp default ipv4-unicast neighbor 10.10.10.101 remote-as 1 neighbor 10.10.10.101 update-source Loopback0 neighbor 10.10.10.102 remote-as 1 neighbor 10.10.10.102 update-source Loopback0 ! address-family vpnv4 neighbor 10.10.10.101 activate neighbor 10.10.10.101 send-community extended neighbor 10.10.10.101 route-reflector-client neighbor 10.10.10.102 activate neighbor 10.10.10.102 send-community extended neighbor 10.10.10.102 route-reflector-client exit-address-family __________________________________________________________________________ hostname P1-AS2-RR ! ip cef ! mpls ldp router-id Loopback0 ! interface Loopback0 ip address 10.20.20.200 255.255.255.255 ! interface Serial0/0 description connected to PE2-AS2-ASBR2 ip address 10.20.20.6 255.255.255.252 mpls ip ! interface Serial1/0 description connected to PE1-AS2 ip address 10.20.20.2 255.255.255.252 mpls ip ! router ospf 2 router-id 10.20.20.200 log-adjacency-changes network 10.0.0.0 0.255.255.255 area 0 ! router bgp 2 no bgp default ipv4-unicast neighbor 10.20.20.101 remote-as 2 neighbor 10.20.20.101 update-source Loopback0 neighbor 10.20.20.102 remote-as 2 neighbor 10.20.20.102 update-source Loopback0 ! address-family vpnv4 neighbor 10.20.20.101 activate neighbor 10.20.20.101 send-community extended neighbor 10.20.20.101 route-reflector-client neighbor 10.20.20.102 activate neighbor 10.20.20.102 send-community extended neighbor 10.20.20.102 route-reflector-client exit-address-family __________________________________________________________________________ hostname PE2-AS2-ASBR2 ! ip cef ! ip vrf Cust_A rd 2:100 route-target export 2:100 route-target import 2:100 ! ip vrf Cust_B rd 2:101 route-target export 2:101 route-target import 2:101 ! frame-relay switching ! mpls ldp router-id Loopback0 ! interface Loopback0 ip address 10.20.20.102 255.255.255.255 ! interface Serial0/0 description connected to P1-AS2 ip address 10.20.20.5 255.255.255.252 mpls ip ! interface Serial1/0 no ip address encapsulation frame-relay frame-relay intf-type dce ! interface Serial1/0.100 point-to-point description connected to Cust_A PE2-AS1-ASBR1 ip vrf forwarding Cust_A ip address 172.16.3.2 255.255.255.252 frame-relay interface-dlci 100 ! interface Serial1/0.200 point-to-point description connected to Cust_B PE2-AS1-ASBR1 ip vrf forwarding Cust_B ip address 192.168.3.2 255.255.255.252 frame-relay interface-dlci 200 ! router ospf 2 router-id 10.20.20.102 network 10.0.0.0 0.255.255.255 area 0 ! router bgp 2 no synchronization neighbor 10.20.20.200 remote-as 2 neighbor 10.20.20.200 update-source Loopback0 no auto-summary ! address-family vpnv4 neighbor 10.20.20.200 activate neighbor 10.20.20.200 send-community extended exit-address-family ! address-family ipv4 vrf Cust_B neighbor 192.168.3.1 remote-as 1 neighbor 192.168.3.1 activate no auto-summary no synchronization exit-address-family ! address-family ipv4 vrf Cust_A neighbor 172.16.3.1 remote-as 1 neighbor 172.16.3.1 activate no auto-summary no synchronization exit-address-family __________________________________________________________________________ hostname PE1-AS2 ! ip cef ! ip vrf Cust_A rd 2:100 route-target export 2:100 route-target import 2:100 ! ip vrf Cust_B rd 2:101 route-target export 2:101 route-target import 2:101 ! mpls ldp router-id Loopback0 ! interface Loopback0 ip address 10.20.20.101 255.255.255.255 ! interface Serial0/0 description connected to P1-AS2 ip address 10.20.20.1 255.255.255.252 mpls ip ! interface Serial1/0 description connected to Cust_A CE2-A ip vrf forwarding Cust_A ip address 172.16.2.1 255.255.255.252 ! interface Serial2/0 description connected to Cust_B CE2-B ip vrf forwarding Cust_B ip address 192.168.2.1 255.255.255.252 ! router ospf 2 router-id 10.20.20.101 network 10.0.0.0 0.255.255.255 area 0 ! router bgp 2 no synchronization neighbor 10.20.20.200 remote-as 2 neighbor 10.20.20.200 update-source Loopback0 no auto-summary ! address-family vpnv4 neighbor 10.20.20.200 activate neighbor 10.20.20.200 send-community extended exit-address-family ! address-family ipv4 vrf Cust_B neighbor 192.168.2.2 remote-as 65001 neighbor 192.168.2.2 activate neighbor 192.168.2.2 as-override no auto-summary no synchronization exit-address-family ! address-family ipv4 vrf Cust_A neighbor 172.16.2.2 remote-as 65002 neighbor 172.16.2.2 activate no auto-summary no synchronization exit-address-family

Verifying Option 1

The steps to verify back-to-back VRF operation are