Option 4: Non-VPN Transit Provider
Option 4 Non VPN Transit Provider
In this approach, multiple VPN providers use another MPLS-enabled service provider as a transit backbone to exchange MPLS VPN routes. Figure 7-31 shows a multiprovider MPLS VPN network using AS100 as a transit provider to transport VPN routes.
Figure 7-31. Inter-AS Using a Non-VPN Transit Provider
In this option, a multi-hop MP-eBGP session is formed between the two RRs belonging to the two different providers. To implement this option, BGP next hops need to be propagated and an end-to-end LSP path needs to be maintained.
P1-AS1-RR and P1-AS2-RR are RRs that are local in each of the provider's network. An MP-eBGP session is formed between the RRs to transport VPNv4 information across the multiprovider network. An eBGP session is formed between the ASBR1-AS1 and ASBR1-AS100. Another eBGP session is formed between ASBRs in AS2 and AS100.
Control Plane Forwarding in Option 4
Figure 7-32 shows the control plane forwarding action that takes place for prefix 172.16.10.0/24 advertised by CE1-A to CE2-A that belongs to the same VPN, CUST_A.
Figure 7-32. Control Plane Operation in a Non-VPN Transit Provider Network
Data Forwarding in Option 4
The source and destination networks are located on two different MPLS VPN provider networks. The data forwarding path originates from the source address of the flow, which is 172.16.20.1 destined to 172.16.10.1. Figure 7-33 traces the path of the data packet from the source to the destination.
Figure 7-33. Data Forwarding in Option 4
Configuration Flowchart in Option 4
Figure 7-34 shows the configuration steps that are involved in accomplishing a functional Inter-AS network using option 4.
Figure 7-34. MPLS VPN Network Using Option 4
Configuration and Verification of Option 4
Figure 7-31 illustrated a multiprovider MPLS VPN network in which sites in VPN-A are geographically dispersed. Site 1 in VPN-A is connected to PE1-AS1 in AS1, and Site 2 in VPN-A is connected to PE1-AS2 in AS2. EBGP peering is configured between ASBRs:
- ASBR1-AS1 and ASBR1-AS100
- ASBR1-AS2 and ASBR2-AS100
The steps to configure are
Step 1. |
Configure transit VPN network, AS100 – Configure the ASBR Routers ASBR1-AS100 and ASBR2-AS100 for IGP, as shown in Example 7-23. In this case, OSPF is used. Configure iBGP peering between the two ASBRs for eBGP. Use neighbor send-label to enable exchange of IPv4 label exchange between the two peers.
Example 7-23. Configure Transit VPN Network, AS100 ASBR1-AS100(config)#interface Loopback0 ASBR1-AS100(config-if)# ip address 172.16.100.101 255.255.255.255 ASBR1-AS100(config-if)#interface Serial0/0 ASBR1-AS100(config-if)# ip address 172.16.100.1 255.255.255.252 ASBR1-AS100(config-if)# mpls ip ASBR1-AS100(config-if)#interface Serial1/0 ASBR1-AS100(config-if)# ip address 172.16.3.2 255.255.255.252 ASBR1-AS100(config-if)#router ospf 100 ASBR1-AS100(config-router)# network 172.16.100.0 0.0.0.255 area 0 ASBR1-AS100(config-router)#router bgp 100 ASBR1-AS100(config-router)# network 172.16.100.101 mask 255.255.255.255 ASBR1-AS100(config-router)# neighbor 172.16.3.1 remote-as 1 ASBR1-AS100(config-router)# neighbor 172.16.3.1 send-label ASBR1-AS100(config-router)# neighbor 172.16.100.102 remote-as 100 ASBR1-AS100(config-router)# neighbor 172.16.100.102 update-source Loopback0 ASBR1-AS100(config-router)# neighbor 172.16.100.102 next-hop-self ASBR1-AS100(config-router)# neighbor 172.16.100.102 send-label ___________________________________________________________________________ ASBR2-AS100(config)#interface Loopback0 ASBR2-AS100(config-if)# ip address 172.16.100.102 255.255.255.255 ASBR2-AS100(config-if)#interface Serial0/0 ASBR2-AS100(config-if)# ip address 172.16.100.2 255.255.255.252 ASBR2-AS100(config-if)# mpls ip ASBR2-AS100(config-if)#interface Serial1/0 ASBR2-AS100(config-if)# ip address 172.16.4.2 255.255.255.252 ASBR2-AS100(config-if)#router ospf 100 ASBR2-AS100(config-router)# network 172.16.100.0 0.0.0.255 area 0 ASBR2-AS100(config-router)#router bgp 100 ASBR2-AS100(config-router)# network 172.16.100.102 mask 255.255.255.255 ASBR2-AS100(config-router)# neighbor 172.16.4.1 remote-as 2 ASBR2-AS100(config-router)# neighbor 172.16.4.1 send-label ASBR2-AS100(config-router)# neighbor 172.16.100.101 remote-as 100 ASBR2-AS100(config-router)# neighbor 172.16.100.101 update-source Loopback0 ASBR2-AS100(config-router)# neighbor 172.16.100.101 next-hop-self ASBR2-AS100(config-router)# neighbor 172.16.100.101 send-label |
Step 2. |
Configure ASBR routers in AS1 and AS2 – In this step, the ASBR routers are configured to perform eBGP peering with transit VPN providers ASBR routers, ASBR1-AS100 and ASBR2-AS100. The loopbacks on PE and RR routers are advertised in BGP on the ASBR routers, and the BGP routes are redistributed in OSPF to ensure reachability. Example 7-24 demonstrates the step. Note that mpls bgp forwarding is added by default when MP-eBGP is established between ASBR1-AS1 and ASBR1-AS100. You will see this command under the serial interface in the final configurations.
Example 7-24. Configure ASBR Routers in AS1 and AS2 ASBR1-AS1(config)#interface Loopback0 ASBR1-AS1(config-if)# ip address 10.10.10.102 255.255.255.255 ASBR1-AS1(config-if)# exit ASBR1-AS1(config)#mpls ldp router-id Loopback0 ASBR1-AS1(config)#interface Serial0/0 ASBR1-AS1(config-if)# ip address 10.10.10.5 255.255.255.252 ASBR1-AS1(config-if)# mpls ip ASBR1-AS1(config-if)#interface Serial1/0 ASBR1-AS1(config-if)# ip address 172.16.3.1 255.255.255.252 ASBR1-AS1(config-if)# mpls bgp forwarding ASBR1-AS1(config-if)#router ospf 1 ASBR1-AS1(config-router)# router-id 10.10.10.102 ASBR1-AS1(config-router)# network 10.0.0.0 0.255.255.255 area 0 ASBR1-AS1(config-router)#router bgp 1 ASBR1-AS1(config-router)# network 10.10.10.101 mask 255.255.255.255 ASBR1-AS1(config-router)# network 10.10.10.200 mask 255.255.255.255 ASBR1-AS1(config-router)# neighbor 10.10.10.200 remote-as 1 ASBR1-AS1(config-router)# neighbor 10.10.10.200 update-source Loopback0 ASBR1-AS1(config-router)# neighbor 10.10.10.200 next-hop-self ASBR1-AS1(config-router)# neighbor 10.10.10.200 send-label ASBR1-AS1(config-router)# neighbor 172.16.3.2 remote-as 100 ASBR1-AS1(config-router)# neighbor 172.16.3.2 send-label ________________________________________________________________________ ASBR2-AS2(config)#interface Loopback0 ASBR2-AS2(config-if)# ip address 10.20.20.102 255.255.255.255 ASBR2-AS2(config-if)#exit ASBR2-AS2(config)#mpls ldp router-id Loopback0 ASBR2-AS2(config-if)#interface Serial0/0 ASBR2-AS2(config-if)# ip address 10.20.20.5 255.255.255.252 ASBR2-AS2(config-if)# mpls ip ASBR2-AS2(config-if)#interface Serial1/0 ASBR2-AS2(config-if)# ip address 172.16.4.1 255.255.255.252 ASBR2-AS2(config-if)#router ospf 2 ASBR2-AS2(config-router)# router-id 10.20.20.102 ASBR2-AS2(config-router)# network 10.0.0.0 0.255.255.255 area 0 ASBR2-AS2(config-router)#router bgp 2 ASBR2-AS2(config-router)# network 10.20.20.101 mask 255.255.255.255 ASBR2-AS2(config-router)# network 10.20.20.200 mask 255.255.255.255 ASBR2-AS2(config-router)# neighbor 10.20.20.200 remote-as 2 ASBR2-AS2(config-router)# neighbor 10.20.20.200 update-source Loopback0 ASBR2-AS2(config-router)# neighbor 10.20.20.200 next-hop-self ASBR2-AS2(config-router)# neighbor 10.20.20.200 send-label ASBR2-AS2(config-router)# neighbor 172.16.4.2 remote-as 100 ASBR2-AS2(config-router)# neighbor 172.16.4.2 send-label |
Step 3. |
Configure MP-eBGP session between the RRs – In this step, you configure an MP-eBGP session between the RR as shown in Example 7-25. Before performing this step, ensure that the loopback addresses on the RRs are reachable. Ensure that P1-AS1-RR and P1-AS2-RR serve both as an IPv4 and VPNv4 RR.
Example 7-25. Configure MP-eBGP Session Between the RRs P1-AS1-RR(config)#router bgp 1 P1-AS1-RR(config-router)# no bgp default ipv4-unicast P1-AS1-RR(config-router)# neighbor 10.10.10.101 remote-as 1 P1-AS1-RR(config-router)# neighbor 10.10.10.101 update-source Loopback0 P1-AS1-RR(config-router)# neighbor 10.10.10.102 remote-as 1 P1-AS1-RR(config-router)# neighbor 10.10.10.102 update-source Loopback0 P1-AS1-RR(config-router)# neighbor 10.20.20.200 remote-as 2 P1-AS1-RR(config-router)# neighbor 10.20.20.200 ebgp-multihop 10 P1-AS1-RR(config-router)# neighbor 10.20.20.200 update-source Loopback0 P1-AS1-RR(config-router)# address-family ipv4 P1-AS1-RR(config-router-af)# neighbor 10.10.10.101 activate P1-AS1-RR(config-router-af)# neighbor 10.10.10.101 route-reflector-client P1-AS1-RR(config-router-af)# neighbor 10.10.10.101 next-hop-self P1-AS1-RR(config-router-af)# neighbor 10.10.10.101 send-label P1-AS1-RR(config-router-af)# neighbor 10.10.10.102 activate P1-AS1-RR(config-router-af)# neighbor 10.10.10.102 route-reflector-client P1-AS1-RR(config-router-af)# neighbor 10.10.10.102 next-hop-self P1-AS1-RR(config-router-af)# neighbor 10.10.10.102 send-label P1-AS1-RR(config-router-af)# exit-address-family P1-AS1-RR(config-router)# address-family vpnv4 P1-AS1-RR(config-router-af)# neighbor 10.10.10.101 activate P1-AS1-RR(config-router-af)# neighbor 10.10.10.101 send-community extended P1-AS1-RR(config-router-af)# neighbor 10.10.10.101 route-reflector-client P1-AS1-RR(config-router-af)# neighbor 10.20.20.200 activate P1-AS1-RR(config-router-af)# neighbor 10.20.20.200 send-community extended P1-AS1-RR(config-router-af)# neighbor 10.20.20.200 next-hop-unchanged ___________________________________________________________________________ P1-AS2-RR(config)#router bgp 2 P1-AS2-RR(config-router)# no bgp default ipv4-unicast P1-AS2-RR(config-router)# neighbor 10.10.10.200 remote-as 1 P1-AS2-RR(config-router)# neighbor 10.10.10.200 ebgp-multihop 10 P1-AS2-RR(config-router)# neighbor 10.10.10.200 update-source Loopback0 P1-AS2-RR(config-router)# neighbor 10.20.20.101 remote-as 2 P1-AS2-RR(config-router)# neighbor 10.20.20.101 update-source Loopback0 P1-AS2-RR(config-router)# neighbor 10.20.20.102 remote-as 2 P1-AS2-RR(config-router)# neighbor 10.20.20.102 update-source Loopback0 P1-AS2-RR(config-router)# address-family ipv4 P1-AS2-RR(config-router-af)# neighbor 10.20.20.101 activate P1-AS2-RR(config-router-af)# neighbor 10.20.20.101 route-reflector-client P1-AS2-RR(config-router-af)# neighbor 10.20.20.101 next-hop-self P1-AS2-RR(config-router-af)# neighbor 10.20.20.101 send-label P1-AS2-RR(config-router-af)# neighbor 10.20.20.102 activate P1-AS2-RR(config-router-af)# neighbor 10.20.20.102 route-reflector-client P1-AS2-RR(config-router-af)# neighbor 10.20.20.102 next-hop-self P1-AS2-RR(config-router-af)# neighbor 10.20.20.102 send-label P1-AS2-RR(config-router-af)# exit-address-family P1-AS2-RR(config-router)# address-family vpnv4 P1-AS2-RR(config-router-af)# neighbor 10.10.10.200 activate P1-AS2-RR(config-router-af)# neighbor 10.10.10.200 send-community extended P1-AS2-RR(config-router-af)# neighbor 10.10.10.200 next-hop-unchanged P1-AS2-RR(config-router-af)# neighbor 10.20.20.101 activate P1-AS2-RR(config-router-af)# neighbor 10.20.20.101 send-community extended P1-AS2-RR(config-router-af)# neighbor 10.20.20.101 route-reflector-client |
ASBR and RR Configurations in Option 4
Example 7-26 shows the ASBR1, ASBR2, and RR configurations when using option 4.
Example 7-26. ASBR and RR Configurations
hostname ASBR1-AS1 ! ip cef ! mpls ldp router-id Loopback0 ! interface Loopback0 ip address 10.10.10.102 255.255.255.255 ! interface Serial0/0 ip address 10.10.10.5 255.255.255.252 mpls ip ! interface Serial1/0 ip address 172.16.3.1 255.255.255.252 mpls bgp forwarding ! router ospf 1 router-id 10.10.10.102 redistribute bgp 1 metric 1 subnets route-map from_AS100 network 10.0.0.0 0.255.255.255 area 0 ! router bgp 1 no synchronization network 10.10.10.101 mask 255.255.255.255 network 10.10.10.102 mask 255.255.255.255 network 10.10.10.200 mask 255.255.255.255 network 100.100.100.100 mask 255.255.255.255 neighbor 172.16.3.2 remote-as 100 neighbor 172.16.3.2 send-label no auto-summary ! ip access-list standard from_AS100 permit 10.20.20.102 permit 10.20.20.101 permit 172.16.100.101 permit 172.16.100.102 permit 10.20.20.200 ! route-map from_AS100 permit 10 match ip address from_AS100 _________________________________________________________________________ hostname ASBR2-AS2 ! ip cef ! mpls ldp router-id Loopback0 ! interface Loopback0 ip address 10.20.20.102 255.255.255.255 ! interface Serial0/0 ip address 10.20.20.5 255.255.255.252 mpls ip ! interface Serial1/0 ip address 172.16.4.1 255.255.255.252 mpls bgp forwarding ! router ospf 2 router-id 10.20.20.102 redistribute bgp 2 metric 1 subnets route-map from_AS100 network 10.0.0.0 0.255.255.255 area 0 ! router bgp 2 no synchronization network 10.20.20.101 mask 255.255.255.255 network 10.20.20.102 mask 255.255.255.255 network 10.20.20.200 mask 255.255.255.255 network 100.100.100.101 mask 255.255.255.255 neighbor 172.16.4.2 remote-as 100 neighbor 172.16.4.2 send-label no auto-summary ! ip access-list standard from_AS100 permit 10.10.10.102 permit 10.10.10.101 permit 172.16.100.101 permit 172.16.100.102 permit 10.10.10.200 ! route-map from_AS100 permit 10 match ip address from_AS100 _________________________________________________________________________ hostname ASBR1-AS100 ! ip cef ! interface Loopback0 ip address 172.16.100.101 255.255.255.255 ! interface Serial0/0 ip address 172.16.100.1 255.255.255.252 mpls ip ! interface Serial1/0 ip address 172.16.3.2 255.255.255.252 mpls bgp forwarding ! router ospf 100 network 172.16.100.0 0.0.0.255 area 0 ! router bgp 100 no synchronization network 172.16.100.101 mask 255.255.255.255 neighbor 172.16.3.1 remote-as 1 neighbor 172.16.3.1 send-label neighbor 172.16.100.102 remote-as 100 neighbor 172.16.100.102 next-hop-self neighbor 172.16.100.102 update-source Loopback0 neighbor 172.16.100.102 send-label no auto-summary _________________________________________________________________________ hostname ASBR2-AS100 ! ip cef ! interface Loopback0 ip address 172.16.100.102 255.255.255.255 ! interface Serial0/0 ip address 172.16.100.2 255.255.255.252 mpls ip ! interface Serial1/0 ip address 172.16.4.2 255.255.255.252 mpls bgp forwarding ! router ospf 100 network 172.16.100.0 0.0.0.255 area 0 ! router bgp 100 no synchronization network 172.16.100.102 mask 255.255.255.255 neighbor 172.16.4.1 remote-as 2 neighbor 172.16.4.1 send-label neighbor 172.16.100.101 remote-as 100 neighbor 172.16.100.101 update-source Loopback0 neighbor 172.16.100.101 next-hop-self neighbor 172.16.100.101 send-label no auto-summary _________________________________________________________________________ hostname P1-AS1-RR ! ip cef ! mpls ldp router-id Loopback0 ! interface Loopback0 ip address 10.10.10.200 255.255.255.255 ! interface Serial0/0 ip address 10.10.10.2 255.255.255.252 mpls ip ! interface Serial1/0 ip address 10.10.10.6 255.255.255.252 mpls ip ! router ospf 1 router-id 10.10.10.200 network 10.0.0.0 0.255.255.255 area 0 ! router bgp 1 no bgp default ipv4-unicast neighbor 10.10.10.101 remote-as 1 neighbor 10.10.10.101 update-source Loopback0 neighbor 10.20.20.200 remote-as 2 neighbor 10.20.20.200 ebgp-multihop 255 neighbor 10.20.20.200 update-source Loopback0 ! address-family vpnv4 neighbor 10.10.10.101 activate neighbor 10.10.10.101 route-reflector-client neighbor 10.10.10.101 send-community extended neighbor 10.20.20.200 activate neighbor 10.20.20.200 next-hop-unchanged neighbor 10.20.20.200 send-community extended exit-address-family hostname P1-AS2-RR ! ip cef ! mpls ldp router-id Loopback0 ! interface Loopback0 ip address 10.20.20.200 255.255.255.255 ! interface Serial0/0 ip address 10.20.20.6 255.255.255.252 mpls ip ! interface Serial1/0 ip address 10.20.20.2 255.255.255.252 mpls ip ! router ospf 2 router-id 10.20.20.200 network 10.0.0.0 0.255.255.255 area 0 ! router bgp 2 no bgp default ipv4-unicast neighbor 10.10.10.200 remote-as 1 neighbor 10.10.10.200 ebgp-multihop 255 neighbor 10.10.10.200 update-source Loopback0 neighbor 10.20.20.101 remote-as 2 neighbor 10.20.20.101 update-source Loopback0 ! address-family vpnv4 neighbor 10.10.10.200 activate neighbor 10.10.10.200 next-hop-unchanged neighbor 10.10.10.200 send-community extended neighbor 10.20.20.101 activate neighbor 10.20.20.101 route-reflector-client neighbor 10.20.20.101 send-community extended exit-address-family
Verifying Inter-Provider VPN Operation Using Option 4
The steps to verify inter-provider VPN operation using option 4 are
Step 1. |
Verify control plane forwarding with option 4 – Figure 7-35 shows the control plane forwarding operation when the 172.16.10.0/24 prefix is propagated across the multiprovider networks AS1 and AS2 to CE2-A.
Figure 7-35. Control Plane Forwarding in Option 4 |
Step 2. |
Verify data forwarding in option 4 – Figure 7-36 shows the data plane forwarding operation when a packet is sent from 172.16.20.1 to 172.16.10.1.
Figure 7-36. Data Forwarding in Option 4 |
Step 3. |
Verify end-to-end connectivity via ping – Verify end-to-end connectivity between Customer A networks (172.16.10.0/24 and 172.16.20.0/24) and Customer B networks (192.168.10.0/24 and 192.168.20.0/24). Example 7-27 shows the result of the ping operation.
Example 7-27. Verify End-to-End Connectivity CE1-A#ping 172.16.20.1 source 172.16.10.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 172.16.20.1, timeout is 2 seconds: Packet sent with a source address of 172.16.10.1 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 140/140/140 ms __________________________________________________________________________ CE1-B#ping 192.168.20.1 source 192.168.10.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.20.1, timeout is 2 seconds: Packet sent with a source address of 192.168.10.1 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 132/138/140 ms |